lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <m1CojRi-000pugC__42164.8901691244$1105560685$gmane$org@finlandia.Infodrom.North.DE> Date: Wed, 12 Jan 2005 15:26:02 +0100 (CET) From: joey@...odrom.org (Martin Schulze) To: bugtraq@...urityfocus.com Subject: [SECURITY] [DSA 636-1] New libc6 packages fix insecure temporary files -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- Debian Security Advisory DSA 636-1 security@...ian.org http://www.debian.org/security/ Martin Schulze January 12th, 2005 http://www.debian.org/security/faq - -------------------------------------------------------------------------- Package : glibc Vulnerability : insecure temporary files Problem-Type : local Debian-specific: no CVE ID : CAN-2004-0968 BugTraq ID : 11286 Debian Bug : 279680 278278 205600 Several insecure uses of temporary files have been discovered in support scripts in the libc6 package which provices the c library for a GNU/Linux system. Trustix developers found that the catchsegv script uses temporary files insecurely. Openwall developers discovered insecure temporary files in the glibcbug script. These scripts are vulnerable to a symlink attack. For the stable distribution (woody) these problems have been fixed in version 2.2.5-11.8. For the unstable distribution (sid) these problems have been fixed in version 2.3.2.ds1-20. We recommend that you upgrade your libc6 package. Upgrade Instructions - -------------------- wget url will fetch the file for you dpkg -i file.deb will install the referenced file. If you are using the apt-get package manager, use the line for sources.list as given below: apt-get update will update the internal database apt-get upgrade will install corrected packages You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 3.0 alias woody - -------------------------------- Source archives: http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.dsc Size/MD5 checksum: 1458 bc2b80a7f76bbf4243fa86f5245f5a50 http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5-11.8.diff.gz Size/MD5 checksum: 399970 4e1576598f13f2a628b3eef2c9bcdc48 http://security.debian.org/pool/updates/main/g/glibc/glibc_2.2.5.orig.tar.gz Size/MD5 checksum: 11370961 bf5653fdff22ee350bd7d48047cffab9 Architecture independent components: http://security.debian.org/pool/updates/main/g/glibc/glibc-doc_2.2.5-11.8_all.deb Size/MD5 checksum: 2699182 c7a50fe321349d3593a8aa14a1a2c86a http://security.debian.org/pool/updates/main/g/glibc/locales_2.2.5-11.8_all.deb Size/MD5 checksum: 3387990 8aaa9b854416e5a6e9b1a65b1bf7ea62 Alpha architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_alpha.deb Size/MD5 checksum: 4557986 2a37871e21fdb5a514d09110814d43b5 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_alpha.deb Size/MD5 checksum: 1351232 def6755e17e3bc9384f9fa2c0d568b55 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_alpha.deb Size/MD5 checksum: 2981066 41abb2fe30295e762110e4e065c9e188 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_alpha.deb Size/MD5 checksum: 1321546 f41b8bce8503579888203ac22c866344 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_alpha.deb Size/MD5 checksum: 1538778 526584f3262d17309a68b1c8f8888ae6 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_alpha.deb Size/MD5 checksum: 69866 b7135768c78ffff5f453a3027e811d8b ARM architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_arm.deb Size/MD5 checksum: 3686218 05ab21bcfd365fd6e56f6745eb0005fd http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_arm.deb Size/MD5 checksum: 2767406 c5d453caa9030ebf82023e3ded3ff844 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_arm.deb Size/MD5 checksum: 2863418 4bf8522f010cc826fd494e8deac0a504 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_arm.deb Size/MD5 checksum: 1182298 6197804eeb01e05a195b4360115cb19d http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_arm.deb Size/MD5 checksum: 1282776 557442af8531a7dccf5ed38865edfac1 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_arm.deb Size/MD5 checksum: 59674 c191744f43225bc100f127267dbbd38b Intel IA-32 architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_i386.deb Size/MD5 checksum: 3383144 143978addc25816d4da0e850549a17fb http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_i386.deb Size/MD5 checksum: 2433964 efb2d99d347c2bd1f7a0904c1df18201 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_i386.deb Size/MD5 checksum: 2390882 78374bee4d59301db2ef508c44517260 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_i386.deb Size/MD5 checksum: 841904 509a1fb214b2880222014ed345ae0b5b http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_i386.deb Size/MD5 checksum: 936090 6580c4efcd07515f68cc557a5daeb595 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_i386.deb Size/MD5 checksum: 59370 07ce697d3001a44f9f69bd821cb4cd4a Intel IA-64 architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6.1_2.2.5-11.8_ia64.deb Size/MD5 checksum: 4438400 92d599315311e05a48512c09a392aa0e http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dbg_2.2.5-11.8_ia64.deb Size/MD5 checksum: 8369602 901aa7a7845578ae6c85ccced230924b http://security.debian.org/pool/updates/main/g/glibc/libc6.1-dev_2.2.5-11.8_ia64.deb Size/MD5 checksum: 3546980 2508ffbed6680d16324fc2948b08e73a http://security.debian.org/pool/updates/main/g/glibc/libc6.1-pic_2.2.5-11.8_ia64.deb Size/MD5 checksum: 1366172 7cc362b3711521d6f5d1b197f7a8b045 http://security.debian.org/pool/updates/main/g/glibc/libc6.1-prof_2.2.5-11.8_ia64.deb Size/MD5 checksum: 1638402 f5294fe899e09f7fecbef931110d8d50 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_ia64.deb Size/MD5 checksum: 69942 a79f9355cd77c4eaadbca7662f618c6a HP Precision architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_hppa.deb Size/MD5 checksum: 4171374 01206d5d4970e85ba0f3ced021f0be87 http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_hppa.deb Size/MD5 checksum: 3060876 3005ba0066bde9cb5b8a4acf322e236a http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_hppa.deb Size/MD5 checksum: 2897412 30a3ee4e876c8e5fbd8f8337c95876c1 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_hppa.deb Size/MD5 checksum: 1280802 460366989b573c75bf6a87ad0ff12271 http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_hppa.deb Size/MD5 checksum: 1445874 15abac5f1a0ba739fe92a866b9f05e9c http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_hppa.deb Size/MD5 checksum: 62782 180e79bd7cad42a5bfc8dfc1ff898fdc Motorola 680x0 architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_m68k.deb Size/MD5 checksum: 3506132 6944762f2008e8455f6116d01e00712f http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_m68k.deb Size/MD5 checksum: 2430672 eb8ed07f4979afa684fc0c13e0aa1608 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_m68k.deb Size/MD5 checksum: 2284400 5c51d36868f57600a481e53259733d69 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_m68k.deb Size/MD5 checksum: 731902 187dddf8ea4bc4404ad1a62b276c8b24 http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_m68k.deb Size/MD5 checksum: 839298 e97e9b57d6fd2dea774ae33739a5486e http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_m68k.deb Size/MD5 checksum: 58264 75601dccba26cb706ed8caa53ea25a7e Big endian MIPS architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_mips.deb Size/MD5 checksum: 3864828 c9a688e83c24c9098b50602b63e777c4 http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_mips.deb Size/MD5 checksum: 3846450 4d9aa1133ea550814b553f19ccace4e8 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_mips.deb Size/MD5 checksum: 3020726 08425a684bd8b8b363351c099fcec37f http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_mips.deb Size/MD5 checksum: 1204310 38a52a2e0807bb3400f4d0109cb59609 http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_mips.deb Size/MD5 checksum: 1358842 5de4e0fea3ca4d405bf3f718a54a87f4 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_mips.deb Size/MD5 checksum: 61308 50ff02f524d05c3cbb5ba261feedad93 Little endian MIPS architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_mipsel.deb Size/MD5 checksum: 3732104 7c6bca23f53680184c58b5242e849243 http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_mipsel.deb Size/MD5 checksum: 3753524 d54f0987fd3f4c498ca1b3c68967046f http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_mipsel.deb Size/MD5 checksum: 2990830 4b535ca534ebf3f4ab72fd22ae217257 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_mipsel.deb Size/MD5 checksum: 1198340 7a25bfbf8be5a06fe49ab1c60e3e1aa3 http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_mipsel.deb Size/MD5 checksum: 1353312 fb493b6a38d0c1c3c3d8ba4ac6445d8c http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_mipsel.deb Size/MD5 checksum: 61278 be5ad77f538097518a61bacfdb43f6f1 PowerPC architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_powerpc.deb Size/MD5 checksum: 3980286 2e30f4f5b255e02cb1c3ccd5b903ee5c http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_powerpc.deb Size/MD5 checksum: 2870050 ae157ed4b6887b1cbe7c8e96031cdc50 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_powerpc.deb Size/MD5 checksum: 2821732 28fefa99550df3ea8669fef5d673ac87 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_powerpc.deb Size/MD5 checksum: 1148836 31be5ee73ab206a6b1478b1774b3c1bc http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_powerpc.deb Size/MD5 checksum: 1343770 4c7ad144576df8cf7ec0600dc3db1b7a http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_powerpc.deb Size/MD5 checksum: 60310 b8231054deac769a91262010fd20ec8c IBM S/390 architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_s390.deb Size/MD5 checksum: 3937552 0a06a0800512d0c8c498dc73407e74d5 http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_s390.deb Size/MD5 checksum: 1229312 11ef3b4b76a1d11e08b61313e2eb5ace http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_s390.deb Size/MD5 checksum: 2624946 a7dd12533f70a9b84e7dc4d5f6ce6004 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_s390.deb Size/MD5 checksum: 1108534 881dc7501c54073766949a47f8060e15 http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_s390.deb Size/MD5 checksum: 1187536 e504a04c00f655373e573f55a82e12d7 http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_s390.deb Size/MD5 checksum: 61312 06d072845af84ffb1487e0eb75c5bfab Sun Sparc architecture: http://security.debian.org/pool/updates/main/g/glibc/libc6_2.2.5-11.8_sparc.deb Size/MD5 checksum: 3863658 bc662d54a4174a3de369d3defeec2e4d http://security.debian.org/pool/updates/main/g/glibc/libc6-dbg_2.2.5-11.8_sparc.deb Size/MD5 checksum: 2816612 ec8f0d6d5e23e27446eaf43d840098a5 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev_2.2.5-11.8_sparc.deb Size/MD5 checksum: 2764334 f35d4dce282125476a800a0f79017a55 http://security.debian.org/pool/updates/main/g/glibc/libc6-dev-sparc64_2.2.5-11.8_sparc.deb Size/MD5 checksum: 1631776 798a588c7f300c0025d4b3b298d616b5 http://security.debian.org/pool/updates/main/g/glibc/libc6-pic_2.2.5-11.8_sparc.deb Size/MD5 checksum: 1146738 a681d60dc0a75f0d30a1a274842a86b1 http://security.debian.org/pool/updates/main/g/glibc/libc6-prof_2.2.5-11.8_sparc.deb Size/MD5 checksum: 1258388 551ef7b7b149e288c90e53fec19073e5 http://security.debian.org/pool/updates/main/g/glibc/libc6-sparc64_2.2.5-11.8_sparc.deb Size/MD5 checksum: 4184798 9d62c1f3dfc942e8c41e4e3954dc712d http://security.debian.org/pool/updates/main/g/glibc/nscd_2.2.5-11.8_sparc.deb Size/MD5 checksum: 60220 0067b2de58cfd2663380220a489706c0 These files will probably be moved into the stable distribution on its next update. - --------------------------------------------------------------------------------- For apt-get: deb http://security.debian.org/ stable/updates main For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main Mailing list: debian-security-announce@...ts.debian.org Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg> -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFB5TN6W5ql+IAeqTIRAv+gAJ9wIt390sMEDVourQbGRh02Pmi5gQCfdx5g FDQWPYEtQ/L0GidjvQq3XWM= =nraA -----END PGP SIGNATURE-----