[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1OM1jZ-0002lN-18@titan.mandriva.com>
Date: Tue, 08 Jun 2010 18:33:00 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:111 ] glibc
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2010:111
http://www.mandriva.com/security/
_______________________________________________________________________
Package : glibc
Date : June 8, 2010
Affected: 2008.0, 2009.0, 2009.1, Corporate 4.0, Enterprise Server 5.0,
Multi Network Firewall 2.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was discovered and fixed in glibc:
Multiple integer overflows in the strfmon implementation in
the GNU C Library (aka glibc or libc6) 2.10.1 and earlier allow
context-dependent attackers to cause a denial of service (memory
consumption or application crash) via a crafted format string, as
demonstrated by a crafted first argument to the money_format function
in PHP, a related issue to CVE-2008-1391 (CVE-2009-4880).
Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c
in the strfmon implementation in the GNU C Library (aka glibc or
libc6) before 2.10.1 allows context-dependent attackers to cause a
denial of service (application crash) via a crafted format string,
as demonstrated by the %99999999999999999999n string, a related issue
to CVE-2008-1391 (CVE-2009-4881).
nis/nss_nis/nis-pwd.c in the GNU C Library (aka glibc or libc6)
2.7 and Embedded GLIBC (EGLIBC) 2.10.2 adds information from the
passwd.adjunct.byname map to entries in the passwd map, which allows
remote attackers to obtain the encrypted passwords of NIS accounts
by calling the getpwnam function (CVE-2010-0015).
The encode_name macro in misc/mntent_r.c in the GNU C Library (aka
glibc or libc6) 2.11.1 and earlier, as used by ncpmount and mount.cifs,
does not properly handle newline characters in mountpoint names, which
allows local users to cause a denial of service (mtab corruption),
or possibly modify mount options and gain privileges, via a crafted
mount request (CVE-2010-0296).
Integer signedness error in the elf_get_dynamic_info function
in elf/dynamic-link.h in ld.so in the GNU C Library (aka glibc or
libc6) 2.0.1 through 2.11.1, when the --verify option is used, allows
user-assisted remote attackers to execute arbitrary code via a crafted
ELF program with a negative value for a certain d_tag structure member
in the ELF header (CVE-2010-0830).
Packages for 2008.0 and 2009.0 are provided as of the Extended
Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4880
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4881
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0015
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0296
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0830
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2008.0:
a6be61ab9c01b49d8367a227a98d5d2f 2008.0/i586/glibc-2.6.1-4.4mdv2008.0.i586.rpm
7ed4b1dd662b69be4204ceb7aa773e46 2008.0/i586/glibc-devel-2.6.1-4.4mdv2008.0.i586.rpm
3e87207fb07fe1881e89ffe8994a7700 2008.0/i586/glibc-doc-2.6.1-4.4mdv2008.0.i586.rpm
702d0e14fd50fd4492293f61645d416a 2008.0/i586/glibc-doc-pdf-2.6.1-4.4mdv2008.0.i586.rpm
483ed0881b3ae32c34b4d2a7f0470a0b 2008.0/i586/glibc-i18ndata-2.6.1-4.4mdv2008.0.i586.rpm
cd07230fd5469530f02290dabad9251c 2008.0/i586/glibc-profile-2.6.1-4.4mdv2008.0.i586.rpm
2f4a231ea0ffc50377aa2ac239be828b 2008.0/i586/glibc-static-devel-2.6.1-4.4mdv2008.0.i586.rpm
bafc97703cec81e14a7d59a053358a6b 2008.0/i586/glibc-utils-2.6.1-4.4mdv2008.0.i586.rpm
14bfc918f2021ecd4c44914c2088a2fd 2008.0/i586/nscd-2.6.1-4.4mdv2008.0.i586.rpm
dd0ab158cfbc93d3d8da2be65b27d10b 2008.0/SRPMS/glibc-2.6.1-4.4mdv2008.0.src.rpm
Mandriva Linux 2008.0/X86_64:
1b9acf433d349ea77f92952067ff99cd 2008.0/x86_64/glibc-2.6.1-4.4mdv2008.0.x86_64.rpm
509a91e2a81781aa709e17fc87b80976 2008.0/x86_64/glibc-devel-2.6.1-4.4mdv2008.0.x86_64.rpm
e096abac716f5f3525976d8ea32a1aa0 2008.0/x86_64/glibc-doc-2.6.1-4.4mdv2008.0.x86_64.rpm
3658d77c02ec8fb3a66202b9eec423ff 2008.0/x86_64/glibc-doc-pdf-2.6.1-4.4mdv2008.0.x86_64.rpm
e9400b007ec1c381857e81755cf00539 2008.0/x86_64/glibc-i18ndata-2.6.1-4.4mdv2008.0.x86_64.rpm
818a9b7914b502d6dce40443e6b2a514 2008.0/x86_64/glibc-profile-2.6.1-4.4mdv2008.0.x86_64.rpm
20f70cf11c5ceaaa5a23cab5eb67668f 2008.0/x86_64/glibc-static-devel-2.6.1-4.4mdv2008.0.x86_64.rpm
abe9a2d6610a0ef12f0adae2cb8adf7f 2008.0/x86_64/glibc-utils-2.6.1-4.4mdv2008.0.x86_64.rpm
4b23dceb84f18a6975a80c43d5bdf26f 2008.0/x86_64/nscd-2.6.1-4.4mdv2008.0.x86_64.rpm
dd0ab158cfbc93d3d8da2be65b27d10b 2008.0/SRPMS/glibc-2.6.1-4.4mdv2008.0.src.rpm
Mandriva Linux 2009.0:
856644953ae0e7717458ae18629c4f5b 2009.0/i586/glibc-2.8-1.20080520.5.5mnb2.i586.rpm
4e1ddbf980e6e6eb9a4102c18b831d49 2009.0/i586/glibc-devel-2.8-1.20080520.5.5mnb2.i586.rpm
ef0bf965eafd838c64d255a9cfe315f9 2009.0/i586/glibc-doc-2.8-1.20080520.5.5mnb2.i586.rpm
8ad0a0865c41e06e133d6f0056ee92b4 2009.0/i586/glibc-doc-pdf-2.8-1.20080520.5.5mnb2.i586.rpm
371929293e82487ba205a0743facad4a 2009.0/i586/glibc-i18ndata-2.8-1.20080520.5.5mnb2.i586.rpm
5848a26cc38ab67d3da83cd942da72fc 2009.0/i586/glibc-profile-2.8-1.20080520.5.5mnb2.i586.rpm
bf4d854a749097ce82bd0265ddd25826 2009.0/i586/glibc-static-devel-2.8-1.20080520.5.5mnb2.i586.rpm
47b38b50f8c85c80b2f5e167a1bf8d7d 2009.0/i586/glibc-utils-2.8-1.20080520.5.5mnb2.i586.rpm
c9ee2bfeffa362374fa98661f3caf41f 2009.0/i586/nscd-2.8-1.20080520.5.5mnb2.i586.rpm
7d6b93e422647a2728fd0e6af507d869 2009.0/SRPMS/glibc-2.8-1.20080520.5.5mnb2.src.rpm
Mandriva Linux 2009.0/X86_64:
24a345f9db10bc7e0da9e68f5ec1a984 2009.0/x86_64/glibc-2.8-1.20080520.5.5mnb2.x86_64.rpm
83a5102696f40d67d9181c4e1d082897 2009.0/x86_64/glibc-devel-2.8-1.20080520.5.5mnb2.x86_64.rpm
0442c7560093fc53823fb5d13cd5d702 2009.0/x86_64/glibc-doc-2.8-1.20080520.5.5mnb2.x86_64.rpm
df71ed7e7d339744288aa27dc14798bb 2009.0/x86_64/glibc-doc-pdf-2.8-1.20080520.5.5mnb2.x86_64.rpm
8c72bcd78e84c9a3529105716ae66551 2009.0/x86_64/glibc-i18ndata-2.8-1.20080520.5.5mnb2.x86_64.rpm
c550910a8c3fb3b3d521b409773c4089 2009.0/x86_64/glibc-profile-2.8-1.20080520.5.5mnb2.x86_64.rpm
f5a56c0d70d67fc7b3f6fa95fea98620 2009.0/x86_64/glibc-static-devel-2.8-1.20080520.5.5mnb2.x86_64.rpm
7f447e6eba9cae2db0bbf704847d18f4 2009.0/x86_64/glibc-utils-2.8-1.20080520.5.5mnb2.x86_64.rpm
3972f478aa6609f469199aa06be41a0d 2009.0/x86_64/nscd-2.8-1.20080520.5.5mnb2.x86_64.rpm
7d6b93e422647a2728fd0e6af507d869 2009.0/SRPMS/glibc-2.8-1.20080520.5.5mnb2.src.rpm
Mandriva Linux 2009.1:
75599b6914505b16a4b44861a59f2e4e 2009.1/i586/glibc-2.9-0.20081113.5.1mnb2.i586.rpm
959d7981e383eb86becc9db13cc3fdce 2009.1/i586/glibc-devel-2.9-0.20081113.5.1mnb2.i586.rpm
18c069dfd92017cc17c8a551331a3eaf 2009.1/i586/glibc-doc-2.9-0.20081113.5.1mnb2.i586.rpm
bd189c9f42f0ab82c51008270c7ef528 2009.1/i586/glibc-doc-pdf-2.9-0.20081113.5.1mnb2.i586.rpm
0bf20dd082699af1cf8367d50411d7a8 2009.1/i586/glibc-i18ndata-2.9-0.20081113.5.1mnb2.i586.rpm
aa902e55d094c1b89b4947d0d66fed7d 2009.1/i586/glibc-profile-2.9-0.20081113.5.1mnb2.i586.rpm
d31d3539ca2ea996049003e4b727c4fa 2009.1/i586/glibc-static-devel-2.9-0.20081113.5.1mnb2.i586.rpm
c7029e5383461998105dbfe9786d35e2 2009.1/i586/glibc-utils-2.9-0.20081113.5.1mnb2.i586.rpm
c1390de4d47c90348a86deb3fb5fe29e 2009.1/i586/nscd-2.9-0.20081113.5.1mnb2.i586.rpm
b2bbbaeaccbc231398af8cb5668ecf0f 2009.1/SRPMS/glibc-2.9-0.20081113.5.1mnb2.src.rpm
Mandriva Linux 2009.1/X86_64:
c08cc51512927bedf87c0c2137e70d93 2009.1/x86_64/glibc-2.9-0.20081113.5.1mnb2.x86_64.rpm
979353ee28b8e88589df6230a35b3171 2009.1/x86_64/glibc-devel-2.9-0.20081113.5.1mnb2.x86_64.rpm
68a522d164ac4a9aca63917b8416b45d 2009.1/x86_64/glibc-doc-2.9-0.20081113.5.1mnb2.x86_64.rpm
249f206c1f605ffe03e2c6389ea0732e 2009.1/x86_64/glibc-doc-pdf-2.9-0.20081113.5.1mnb2.x86_64.rpm
9735ab8987c5b777863f746751a14fcf 2009.1/x86_64/glibc-i18ndata-2.9-0.20081113.5.1mnb2.x86_64.rpm
b842de4d1b093814f4b629824882a881 2009.1/x86_64/glibc-profile-2.9-0.20081113.5.1mnb2.x86_64.rpm
9f6956ea5db7d4973f022c0004a359e9 2009.1/x86_64/glibc-static-devel-2.9-0.20081113.5.1mnb2.x86_64.rpm
5ca59e2341d0b68744a0c5ebfb5224be 2009.1/x86_64/glibc-utils-2.9-0.20081113.5.1mnb2.x86_64.rpm
52c0ace264d3fca58917cae6991664bb 2009.1/x86_64/nscd-2.9-0.20081113.5.1mnb2.x86_64.rpm
b2bbbaeaccbc231398af8cb5668ecf0f 2009.1/SRPMS/glibc-2.9-0.20081113.5.1mnb2.src.rpm
Corporate 4.0:
5fd8807026249afa3f3ca01aba1f8c6a corporate/4.0/i586/glibc-2.3.6-4.2.20060mlcs4.i586.rpm
30844454a9e669373230c118019a1209 corporate/4.0/i586/glibc-devel-2.3.6-4.2.20060mlcs4.i586.rpm
9d7718a14dadc1bc4373a63e7d735df4 corporate/4.0/i586/glibc-doc-2.3.6-4.2.20060mlcs4.i586.rpm
e4b6c4f97a44fb47de07ef23182eca87 corporate/4.0/i586/glibc-doc-pdf-2.3.6-4.2.20060mlcs4.i586.rpm
aae618bc1340785682246f41dc91b86d corporate/4.0/i586/glibc-i18ndata-2.3.6-4.2.20060mlcs4.i586.rpm
af9ae88eddbe60591973e119d00dccf3 corporate/4.0/i586/glibc-profile-2.3.6-4.2.20060mlcs4.i586.rpm
f362e05c58bfe050ae0b89df80b0747d corporate/4.0/i586/glibc-static-devel-2.3.6-4.2.20060mlcs4.i586.rpm
b8af9c86eae73bb2db4faa8af76dd28d corporate/4.0/i586/glibc-utils-2.3.6-4.2.20060mlcs4.i586.rpm
051de1cbef9b89fbfa189c5dda7a6783 corporate/4.0/i586/ldconfig-2.3.6-4.2.20060mlcs4.i586.rpm
92c884effd58089aded82c88ab1183ac corporate/4.0/i586/nptl-devel-2.3.6-4.2.20060mlcs4.i586.rpm
38435ceabbd01854407f7cf0eaf0ded1 corporate/4.0/i586/nscd-2.3.6-4.2.20060mlcs4.i586.rpm
7f130bf64b8a854eb3cd795d6c27a6ac corporate/4.0/i586/timezone-2.3.6-4.2.20060mlcs4.i586.rpm
2d74557f84d7c715faaaa39510ebdce1 corporate/4.0/SRPMS/glibc-2.3.6-4.2.20060mlcs4.src.rpm
Corporate 4.0/X86_64:
753ee3add96c6696ca303fb2b6e3d7bb corporate/4.0/x86_64/glibc-2.3.6-4.2.20060mlcs4.x86_64.rpm
f780defc6098381fbe0b47361fbd1c9e corporate/4.0/x86_64/glibc-devel-2.3.6-4.2.20060mlcs4.x86_64.rpm
83d77ef5c9486cc3f03a2026e04c5ae1 corporate/4.0/x86_64/glibc-doc-2.3.6-4.2.20060mlcs4.x86_64.rpm
c0454d43761010e0876c8f9fd6c8bd9b corporate/4.0/x86_64/glibc-doc-pdf-2.3.6-4.2.20060mlcs4.x86_64.rpm
6ca9dd63443969278c1a7290b2516166 corporate/4.0/x86_64/glibc-i18ndata-2.3.6-4.2.20060mlcs4.x86_64.rpm
21e7b009dd600a4517eb40e821ffb491 corporate/4.0/x86_64/glibc-profile-2.3.6-4.2.20060mlcs4.x86_64.rpm
4ed1c77efc665c569d15d92e3e2ad56e corporate/4.0/x86_64/glibc-static-devel-2.3.6-4.2.20060mlcs4.x86_64.rpm
6c33731b82b85db66dccdf65a84057e0 corporate/4.0/x86_64/glibc-utils-2.3.6-4.2.20060mlcs4.x86_64.rpm
1825439f0db9148dcc6b3c4b7155f4d8 corporate/4.0/x86_64/ldconfig-2.3.6-4.2.20060mlcs4.x86_64.rpm
33fed6b0495dfbbcd835d640a63b84ea corporate/4.0/x86_64/nptl-devel-2.3.6-4.2.20060mlcs4.x86_64.rpm
a9ee80992e9d89d8850aa2a41c8bb344 corporate/4.0/x86_64/nscd-2.3.6-4.2.20060mlcs4.x86_64.rpm
bfb38484fa2d785e4062b0894b463678 corporate/4.0/x86_64/timezone-2.3.6-4.2.20060mlcs4.x86_64.rpm
2d74557f84d7c715faaaa39510ebdce1 corporate/4.0/SRPMS/glibc-2.3.6-4.2.20060mlcs4.src.rpm
Mandriva Enterprise Server 5:
78d3ec91dcb1ee5c3cd9cb99681d614b mes5/i586/glibc-2.8-1.20080520.5.5mnb2.i586.rpm
f13cada5b4f0e5b8a53911f9346c0299 mes5/i586/glibc-devel-2.8-1.20080520.5.5mnb2.i586.rpm
85c457d7ad80ea72f1adf93a53c7e76f mes5/i586/glibc-doc-2.8-1.20080520.5.5mnb2.i586.rpm
09eddacd8c1f87e80154c816105b6d1f mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.5mnb2.i586.rpm
33c84c7eb3590098407422745b5d49c1 mes5/i586/glibc-i18ndata-2.8-1.20080520.5.5mnb2.i586.rpm
192a6e6ebca465866c13d8a80bc28ed6 mes5/i586/glibc-profile-2.8-1.20080520.5.5mnb2.i586.rpm
15fc6188ab0637cae61692458a5cc55d mes5/i586/glibc-static-devel-2.8-1.20080520.5.5mnb2.i586.rpm
f89f43c819388fa9f6a5802d6c5645ff mes5/i586/glibc-utils-2.8-1.20080520.5.5mnb2.i586.rpm
3ff161e7f4a1b062ae83981583a60cf6 mes5/i586/nscd-2.8-1.20080520.5.5mnb2.i586.rpm
b6ca59de2297012e0a6d40c5838f719f mes5/SRPMS/glibc-2.8-1.20080520.5.5mnb2.src.rpm
Mandriva Enterprise Server 5/X86_64:
b41e4dd6f0ecb9c99933285e3d2c2809 mes5/x86_64/glibc-2.8-1.20080520.5.5mnb2.x86_64.rpm
3a0afb0eb8309641ee1f72a182477770 mes5/x86_64/glibc-devel-2.8-1.20080520.5.5mnb2.x86_64.rpm
625474833757a289450ae3d1bb5d0a14 mes5/x86_64/glibc-doc-2.8-1.20080520.5.5mnb2.x86_64.rpm
20f20e3a124c14bc43696aa4c0a05c8e mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.5mnb2.x86_64.rpm
dc5c70046207fb4bd9ad332d042f8450 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.5mnb2.x86_64.rpm
e50c37ab3789c288089671b9e9d280cd mes5/x86_64/glibc-profile-2.8-1.20080520.5.5mnb2.x86_64.rpm
76a4270cfe2aac7bdc7dc1c335c8239d mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.5mnb2.x86_64.rpm
09f32a6c168e9d5e7f36d9b186c97da8 mes5/x86_64/glibc-utils-2.8-1.20080520.5.5mnb2.x86_64.rpm
fd97480329960e481a01e6f71b6687ac mes5/x86_64/nscd-2.8-1.20080520.5.5mnb2.x86_64.rpm
b6ca59de2297012e0a6d40c5838f719f mes5/SRPMS/glibc-2.8-1.20080520.5.5mnb2.src.rpm
Multi Network Firewall 2.0:
5b6db81692ab4e5164e8bcb14cffebab mnf/2.0/i586/glibc-2.3.3-12.10.100mdk.i586.rpm
d2065336a373bdbccb6465efd2fa09f2 mnf/2.0/i586/glibc-devel-2.3.3-12.10.100mdk.i586.rpm
1192b92c4cbc757ac0a6154c41784fb8 mnf/2.0/i586/glibc-doc-2.3.3-12.10.100mdk.i586.rpm
2c749f83fa4d6f5f7e8aea549f860905 mnf/2.0/i586/glibc-doc-pdf-2.3.3-12.10.100mdk.i586.rpm
93e6898b74e31a357ea48aef47245e71 mnf/2.0/i586/glibc-i18ndata-2.3.3-12.10.100mdk.i586.rpm
dc76ab0235d027ab2eb83625c99741b8 mnf/2.0/i586/glibc-profile-2.3.3-12.10.100mdk.i586.rpm
e0e0e5b4885526772cfcb7917d099a46 mnf/2.0/i586/glibc-static-devel-2.3.3-12.10.100mdk.i586.rpm
e947ee3c1b36fc33178c9885a5e6c308 mnf/2.0/i586/glibc-utils-2.3.3-12.10.100mdk.i586.rpm
ad793eb1c073b608ac08120bff5c582e mnf/2.0/i586/ldconfig-2.3.3-12.10.100mdk.i586.rpm
b57efefd913603ca0deac06de32233e9 mnf/2.0/i586/nptl-devel-2.3.3-12.10.100mdk.i586.rpm
9417bd9a3cf42275d8bdc1f4761397ab mnf/2.0/i586/nscd-2.3.3-12.10.100mdk.i586.rpm
85a9ed46d003581214b13051648289b7 mnf/2.0/i586/timezone-2.3.3-12.10.100mdk.i586.rpm
49ed670e6f336d49381ef9fe27c170fe mnf/2.0/SRPMS/glibc-2.3.3-12.10.100mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iD8DBQFMDkBMmqjQ0CJFipgRAm+4AJ9isnMfUuEozPQ7pXnllN4ZHWIqOgCeKWgz
sMpCsVrWgVEwC3ApL07K6ak=
=OT8N
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists