Message-ID: <20041028060643.GA10748@box79162.elkhouse.de>
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-4-1] Standard C library script vulnerabilities

===========================================================
Ubuntu Security Notice USN-4-1             October 27, 2004
Standard C library script vulnerabilities
CAN-2004-0968
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libc6

The problem can be corrected by upgrading the affected package to
version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade
is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.
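
The class of bug described above, as an added example (not code from catchsegv, glibcbug, or the glibc patch): a script that writes to a predictable path in a shared directory follows a symlink planted there, while mktemp or noclobber does not. The PID-based file name, the function names, and the scratch directory standing in for /tmp are assumptions made for illustration; the advisory does not show the scripts' code.

```shell
#!/bin/sh
# Added illustration; all paths live in a private scratch directory.

# Insecure: predictable name (PID suffix) plus plain '>' redirection.
# The shell follows a symlink already present at that path and truncates
# whatever file it points to.
write_insecure() {            # $1 = stand-in for /tmp, $2 = data
    tmp="$1/report.$$"
    echo "$2" > "$tmp"
}

# Hardened: mktemp picks an unpredictable name and creates the file
# exclusively, so a pre-existing path is never reused.
write_safe() {
    tmp=$(mktemp "$1/report.XXXXXX") || return 1
    echo "$2" > "$tmp"
    echo "$tmp"
}

# If the name must stay fixed: with noclobber (set -C) '>' fails when the
# path already resolves to an existing regular file.
write_noclobber() {
    ( set -C; echo "$2" > "$1/report.$$" ) 2>/dev/null
}

demo() {
    sandbox=$(mktemp -d) || return 1
    mkdir "$sandbox/tmp"
    echo "original" > "$sandbox/victim"      # constructed target file
    # Constructed precondition: a symlink waits at the predictable name.
    ln -s "$sandbox/victim" "$sandbox/tmp/report.$$"

    safe_path=$(write_safe "$sandbox/tmp" "data")
    safe_is_plain=no
    [ -f "$safe_path" ] && [ ! -L "$safe_path" ] && safe_is_plain=yes
    after_safe=$(cat "$sandbox/victim")

    nc_status=0
    write_noclobber "$sandbox/tmp" "data" || nc_status=$?
    after_noclobber=$(cat "$sandbox/victim")

    write_insecure "$sandbox/tmp" "data"
    after_insecure=$(cat "$sandbox/victim")
    rm -rf "$sandbox"
}

demo
echo "mktemp=$after_safe noclobber=$after_noclobber($nc_status) predictable=$after_insecure"
```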
