[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20041028060643.GA10748@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-4-1] Standard C library script vulnerabilities
===========================================================
Ubuntu Security Notice USN-4-1 October 27, 2004
Standard C library script vulnerabilities
CAN-2004-0968
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libc6
The problem can be corrected by upgrading the affected package to
version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade
is sufficient to effect the necessary changes.
Details follow:
Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1-13ubuntu2.2.diff.gz
Size/MD5: 1718601 cf6afbc349154329c272077c73ba9179
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1-13ubuntu2.2.dsc
Size/MD5: 1656 4c7cb8a913a57c4719b608c49c2d2b2e
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1.orig.tar.gz
Size/MD5: 13246448 b982bf6ad7ebc8622d3b81d51c44b78a
Architecture independent packages:
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.3.2.ds1-13ubuntu2.2_all.deb
Size/MD5: 3839054 c45aae7010692177a047dc68a0892f7c
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/locales_2.3.2.ds1-13ubuntu2.2_all.deb
Size/MD5: 3979842 272da092e74a39c4f15d10ddd1c3c2a0
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 9172938 0b62bf67b6b1ea70c2f1dce0a5a72e78
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 2961890 fca2ae9c057eefebceffc6eef5c44f8c
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 1318744 cae5a17fbbbf4d454aff91f028ba45bf
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 2429958 6111ed6e95b4d3106f516a0e910e6b7d
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
Size/MD5: 953804 8c92652345079beea4059c2bd02cf0f6
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 5424778 591e999cfc9de47e655365f2a6bd5407
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
Size/MD5: 8168 f007a3aa95bbe190e295ef04b98455b3
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
Size/MD5: 15960 a50daa05546194f6d0a30d02bdd666a4
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 90622 3251a57ba6896b412e270ef812500e08
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 10199756 981e3d99127302b8955e0d0ecfc87189
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 2510202 4a0c6a6c253aeb99a9698c541de90db5
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 944732 45839ff16f3668c6ef58a213c6d805b4
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 1015598 8c50383383de8d5f23236ce7211a0e11
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 1985400 3882b6b9f770ffe1e2bc3c7ab55c0c5e
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
Size/MD5: 691838 94ed23b75666c67bda94b9c07ce4a5a4
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 4844160 d5aebff13cd1eb6f4e29d68c38cd60ae
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
Size/MD5: 7702 03de6798940e807729f30a62aac2f7ec
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
Size/MD5: 13426 b932f23a4f9c3d776c6a7c26612a44d8
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 88312 99d91c0cf770b202b37ed8ae0b131ed4
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 9216664 64ef82237a246fa888980efa4ea3fe76
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 3068930 ce32157ff282f9f48ffeba47bc4a7cc9
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 1272340 804072cb7e38a128ab022f05c88bc456
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 2582898 2c84b6bf455a4a7c3742307bb8c87c00
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
Size/MD5: 946680 0ea82c88731a21d61b3a633b4eaffda8
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 4213364 4f0c8de536cd48d333e52cde5aa5a0e3
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
Size/MD5: 8194 e90b76a0e762d97deddee338ea46c475
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
Size/MD5: 14766 82dcd7f1abfac39464135522a96f1d42
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 89468 1debcc6600d1c3d4e60b1156178f99c7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20041028/ef8e9829/attachment.bin
Powered by blists - more mailing lists