lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1P8gxx-0004Wt-Al@titan.mandriva.com>
Date: Thu, 21 Oct 2010 00:17:01 +0200
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2010:207 ] glibc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2010:207
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glibc
 Date    : October 20, 2010
 Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
           Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 A vulnerability in the GNU C library (glibc) was discovered which
 could escalate the privilegies for local users (CVE-2010-3847).
 
 Packages for 2009.0 are provided as of the Extended Maintenance
 Program. Please visit this link to learn more:
 http://store.mandriva.com/product_info.php?cPath=149&products_id=490
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2009.0:
 a4d39a7e052d7566860a9808fb6facab  2009.0/i586/glibc-2.8-1.20080520.5.6mnb2.i586.rpm
 421c40e60cdc3165836015e4e653abac  2009.0/i586/glibc-devel-2.8-1.20080520.5.6mnb2.i586.rpm
 5036dcf4cb2a3af14c25a8ce599f3f45  2009.0/i586/glibc-doc-2.8-1.20080520.5.6mnb2.i586.rpm
 ef7e05f7049a35724dddf4efab8eaaa3  2009.0/i586/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.i586.rpm
 199d92c40f9af82609de470d29ceec0f  2009.0/i586/glibc-i18ndata-2.8-1.20080520.5.6mnb2.i586.rpm
 d1214e310c9a6e793128b52023613020  2009.0/i586/glibc-profile-2.8-1.20080520.5.6mnb2.i586.rpm
 b1f0d1ebb0cec942d9aaab22aa06bd9c  2009.0/i586/glibc-static-devel-2.8-1.20080520.5.6mnb2.i586.rpm
 3b58fc6a26b3ced44437bf52d8b9d94e  2009.0/i586/glibc-utils-2.8-1.20080520.5.6mnb2.i586.rpm
 b4e29fcc306460dbe823b5572fca514c  2009.0/i586/nscd-2.8-1.20080520.5.6mnb2.i586.rpm 
 92ae0463a364c2e884d1078a3aa8b51f  2009.0/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm

 Mandriva Linux 2009.0/X86_64:
 8b5c248f35ce51d3997dd74399ba40ef  2009.0/x86_64/glibc-2.8-1.20080520.5.6mnb2.x86_64.rpm
 02dba59fe2f1a2914be5eedda88a256b  2009.0/x86_64/glibc-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
 fd8854aa8d8f8b76d19c67d8a6f6a250  2009.0/x86_64/glibc-doc-2.8-1.20080520.5.6mnb2.x86_64.rpm
 788a765c6da4f18a134213f9258735a2  2009.0/x86_64/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.x86_64.rpm
 c47d540f6693aef1081b09891ae63273  2009.0/x86_64/glibc-i18ndata-2.8-1.20080520.5.6mnb2.x86_64.rpm
 d321cd114f1faa16609d7ac4af328ced  2009.0/x86_64/glibc-profile-2.8-1.20080520.5.6mnb2.x86_64.rpm
 ab7b888f9511ee837c841bc7fbc1309d  2009.0/x86_64/glibc-static-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
 0b954036474de55d963cc61244775917  2009.0/x86_64/glibc-utils-2.8-1.20080520.5.6mnb2.x86_64.rpm
 612d080403a930053d551f3f830cee70  2009.0/x86_64/nscd-2.8-1.20080520.5.6mnb2.x86_64.rpm 
 92ae0463a364c2e884d1078a3aa8b51f  2009.0/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm

 Mandriva Linux 2009.1:
 802b179f33340868821e566a89f3d8f1  2009.1/i586/glibc-2.9-0.20081113.5.2mnb2.i586.rpm
 aa1a0d9970fc4a76bf00d046d60a92a8  2009.1/i586/glibc-devel-2.9-0.20081113.5.2mnb2.i586.rpm
 b14abc9b6dff62c2a57928b3e3c000d7  2009.1/i586/glibc-doc-2.9-0.20081113.5.2mnb2.i586.rpm
 4c9c422b2630e439acb71d27a48d0e34  2009.1/i586/glibc-doc-pdf-2.9-0.20081113.5.2mnb2.i586.rpm
 888038824df50ba3139faf675b8515a6  2009.1/i586/glibc-i18ndata-2.9-0.20081113.5.2mnb2.i586.rpm
 81d79610e6a14f031208583388182a5c  2009.1/i586/glibc-profile-2.9-0.20081113.5.2mnb2.i586.rpm
 7ead9afd350537a5871b64477e5195b2  2009.1/i586/glibc-static-devel-2.9-0.20081113.5.2mnb2.i586.rpm
 6a5d441c7cecee9d8e57f422d01875f8  2009.1/i586/glibc-utils-2.9-0.20081113.5.2mnb2.i586.rpm
 ea0ffbc86572d3074d402fb4a027a657  2009.1/i586/nscd-2.9-0.20081113.5.2mnb2.i586.rpm 
 f277c949afca2e6ce6943c08e9daab2b  2009.1/SRPMS/glibc-2.9-0.20081113.5.2mnb2.src.rpm

 Mandriva Linux 2009.1/X86_64:
 8666721c947b268a6de330ffcf956750  2009.1/x86_64/glibc-2.9-0.20081113.5.2mnb2.x86_64.rpm
 29efb1f632936e0ddc2749ecf3303557  2009.1/x86_64/glibc-devel-2.9-0.20081113.5.2mnb2.x86_64.rpm
 6476c89e1b2026f733a6931ac839af72  2009.1/x86_64/glibc-doc-2.9-0.20081113.5.2mnb2.x86_64.rpm
 74b0fae9bad6d648e129414f2ba60067  2009.1/x86_64/glibc-doc-pdf-2.9-0.20081113.5.2mnb2.x86_64.rpm
 cf76a25b44f53560934b96bb397ddd06  2009.1/x86_64/glibc-i18ndata-2.9-0.20081113.5.2mnb2.x86_64.rpm
 a50708ae5dbce5f10b0d637df9f14072  2009.1/x86_64/glibc-profile-2.9-0.20081113.5.2mnb2.x86_64.rpm
 519b1421644223a8fef671eaab928846  2009.1/x86_64/glibc-static-devel-2.9-0.20081113.5.2mnb2.x86_64.rpm
 74427b0af1a1b68f3003b521a53d7d51  2009.1/x86_64/glibc-utils-2.9-0.20081113.5.2mnb2.x86_64.rpm
 70f861cce4aa8674285b02dcfbc15296  2009.1/x86_64/nscd-2.9-0.20081113.5.2mnb2.x86_64.rpm 
 f277c949afca2e6ce6943c08e9daab2b  2009.1/SRPMS/glibc-2.9-0.20081113.5.2mnb2.src.rpm

 Mandriva Linux 2010.0:
 55f570c3ad78d91959c0797cf9f19493  2010.0/i586/glibc-2.10.1-6.6mnb2.i586.rpm
 461d5c034443c9e055c7ab99acea0aaa  2010.0/i586/glibc-devel-2.10.1-6.6mnb2.i586.rpm
 8bee7f5af50405191389f368db096361  2010.0/i586/glibc-doc-2.10.1-6.6mnb2.i586.rpm
 4aeaad1db7b9bf1b6efaf32ead79eaed  2010.0/i586/glibc-doc-pdf-2.10.1-6.6mnb2.i586.rpm
 87dddaf9c0324d953b630b2c2b869593  2010.0/i586/glibc-i18ndata-2.10.1-6.6mnb2.i586.rpm
 791ccd2ed7358373129d0c3cf7512df6  2010.0/i586/glibc-profile-2.10.1-6.6mnb2.i586.rpm
 585b5447d279babdf3b0cf7df8dff737  2010.0/i586/glibc-static-devel-2.10.1-6.6mnb2.i586.rpm
 99edf4391f194b028f44ea096ced58f9  2010.0/i586/glibc-utils-2.10.1-6.6mnb2.i586.rpm
 7d94e43fdf817318a436a05e692fe864  2010.0/i586/nscd-2.10.1-6.6mnb2.i586.rpm 
 f1a977e3df8485f503e7d38c46c3f7cf  2010.0/SRPMS/glibc-2.10.1-6.6mnb2.src.rpm

 Mandriva Linux 2010.0/X86_64:
 2cb370c961161662eb5fa27581a928ff  2010.0/x86_64/glibc-2.10.1-6.6mnb2.x86_64.rpm
 72713d1524c4c9dfae85f8da527ab455  2010.0/x86_64/glibc-devel-2.10.1-6.6mnb2.x86_64.rpm
 59d3b16e5d59efa6420504b6dc3d53f5  2010.0/x86_64/glibc-doc-2.10.1-6.6mnb2.x86_64.rpm
 a167dd710a5e7c8508f1c3267f60d969  2010.0/x86_64/glibc-doc-pdf-2.10.1-6.6mnb2.x86_64.rpm
 2ff60593413b03bfb020aa4887c2827d  2010.0/x86_64/glibc-i18ndata-2.10.1-6.6mnb2.x86_64.rpm
 4944728921be7872ce99f9aee774584a  2010.0/x86_64/glibc-profile-2.10.1-6.6mnb2.x86_64.rpm
 26fedcc6e0748793084851039dea8ce2  2010.0/x86_64/glibc-static-devel-2.10.1-6.6mnb2.x86_64.rpm
 ec059b86df9b2b7bd96ee33efa8143c9  2010.0/x86_64/glibc-utils-2.10.1-6.6mnb2.x86_64.rpm
 3a130d199bb74a3b4319bbfc4c662e5e  2010.0/x86_64/nscd-2.10.1-6.6mnb2.x86_64.rpm 
 f1a977e3df8485f503e7d38c46c3f7cf  2010.0/SRPMS/glibc-2.10.1-6.6mnb2.src.rpm

 Mandriva Linux 2010.1:
 9e6756f39308cb82721af9a393ad3f01  2010.1/i586/glibc-2.11.1-8.1mnb2.i586.rpm
 8ff5760768bcbc3c81bec33630a67dce  2010.1/i586/glibc-devel-2.11.1-8.1mnb2.i586.rpm
 012a57ec04d79c9c7256d8f745a184cb  2010.1/i586/glibc-doc-2.11.1-8.1mnb2.i586.rpm
 5b0c4083b0b54c18fd57eee6c439ab87  2010.1/i586/glibc-doc-pdf-2.11.1-8.1mnb2.i586.rpm
 9c58502b4b44006bb9dd53e494997752  2010.1/i586/glibc-i18ndata-2.11.1-8.1mnb2.i586.rpm
 600e1e8c29eefda204819b116aab3909  2010.1/i586/glibc-profile-2.11.1-8.1mnb2.i586.rpm
 0151ba3a9db9d74a1f5ab4acba3bdffd  2010.1/i586/glibc-static-devel-2.11.1-8.1mnb2.i586.rpm
 e03bd5ee69c0c27e7e55f03e757ad240  2010.1/i586/glibc-utils-2.11.1-8.1mnb2.i586.rpm
 38d9f77971ae3e663d4177939cf3e26c  2010.1/i586/nscd-2.11.1-8.1mnb2.i586.rpm 
 3f6685b949eb1b75efe40e4c492da5b2  2010.1/SRPMS/glibc-2.11.1-8.1mnb2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 3fb2d4ba03ea05fbf383bce9c918fb9f  2010.1/x86_64/glibc-2.11.1-8.1mnb2.x86_64.rpm
 fd6760dcfd7d0415db153b1a20efe7cd  2010.1/x86_64/glibc-devel-2.11.1-8.1mnb2.x86_64.rpm
 53f3fc371b761c4dae5eb9f4c3312f0a  2010.1/x86_64/glibc-doc-2.11.1-8.1mnb2.x86_64.rpm
 dc53a7ea64a488adb7dd1bd337dda835  2010.1/x86_64/glibc-doc-pdf-2.11.1-8.1mnb2.x86_64.rpm
 676de3350ca910a2d23bae0e6498d3a3  2010.1/x86_64/glibc-i18ndata-2.11.1-8.1mnb2.x86_64.rpm
 6c01cc1115a9b0b97b50ae1ae3d8a26b  2010.1/x86_64/glibc-profile-2.11.1-8.1mnb2.x86_64.rpm
 647707744cc66ab912cd2b341c15bc2d  2010.1/x86_64/glibc-static-devel-2.11.1-8.1mnb2.x86_64.rpm
 d075a7e7b4ce61f651e6333b9e094c06  2010.1/x86_64/glibc-utils-2.11.1-8.1mnb2.x86_64.rpm
 ed63cad1e47bc68b14e26e065edea104  2010.1/x86_64/nscd-2.11.1-8.1mnb2.x86_64.rpm 
 3f6685b949eb1b75efe40e4c492da5b2  2010.1/SRPMS/glibc-2.11.1-8.1mnb2.src.rpm

 Corporate 4.0:
 954c7fa4796eb96661670110927bf04e  corporate/4.0/i586/glibc-2.3.6-4.3.20060mlcs4.i586.rpm
 7844b1b3a5fcea5592714ef19f3ebb7a  corporate/4.0/i586/glibc-devel-2.3.6-4.3.20060mlcs4.i586.rpm
 2e744f6fac29b88dbbf44b431644eada  corporate/4.0/i586/glibc-doc-2.3.6-4.3.20060mlcs4.i586.rpm
 6e764e6966598fa92f28129ff08a259b  corporate/4.0/i586/glibc-doc-pdf-2.3.6-4.3.20060mlcs4.i586.rpm
 58f6f507708cf4c62ce1b9b64bac7339  corporate/4.0/i586/glibc-i18ndata-2.3.6-4.3.20060mlcs4.i586.rpm
 0726d5a973be9e94caf298ade74ebca7  corporate/4.0/i586/glibc-profile-2.3.6-4.3.20060mlcs4.i586.rpm
 c43e083f977ee4ccce227891259f64ff  corporate/4.0/i586/glibc-static-devel-2.3.6-4.3.20060mlcs4.i586.rpm
 19d3abef528b0ebce245f8d522f0ca1f  corporate/4.0/i586/glibc-utils-2.3.6-4.3.20060mlcs4.i586.rpm
 105fc8f187ab07b87def4e52c68b45a3  corporate/4.0/i586/ldconfig-2.3.6-4.3.20060mlcs4.i586.rpm
 5d7c07e0f9c6abf92633664afd301087  corporate/4.0/i586/nptl-devel-2.3.6-4.3.20060mlcs4.i586.rpm
 8d7349924d0a53f9567929b0a87317de  corporate/4.0/i586/nscd-2.3.6-4.3.20060mlcs4.i586.rpm 
 65fae4c5ea02d94ccd7fc4a72a5635bc  corporate/4.0/SRPMS/glibc-2.3.6-4.3.20060mlcs4.src.rpm

 Corporate 4.0/X86_64:
 cbf4e06b0564c49886f348d0224dc52d  corporate/4.0/x86_64/glibc-2.3.6-4.3.20060mlcs4.x86_64.rpm
 e0784311d11ab7c17f0740b29eb3c2f3  corporate/4.0/x86_64/glibc-devel-2.3.6-4.3.20060mlcs4.x86_64.rpm
 7ad0dfb37bfb00fc08e5c6d66e9f01bd  corporate/4.0/x86_64/glibc-doc-2.3.6-4.3.20060mlcs4.x86_64.rpm
 eda60dfec28e3a85f158714ec42d7ae3  corporate/4.0/x86_64/glibc-doc-pdf-2.3.6-4.3.20060mlcs4.x86_64.rpm
 1a2ad411439f6b140cbc6f6e82f8e749  corporate/4.0/x86_64/glibc-i18ndata-2.3.6-4.3.20060mlcs4.x86_64.rpm
 822beed8ac604a8f2ee8af0e2682ccd8  corporate/4.0/x86_64/glibc-profile-2.3.6-4.3.20060mlcs4.x86_64.rpm
 5d0f0642e7ab6983cfe4c32cf24d4018  corporate/4.0/x86_64/glibc-static-devel-2.3.6-4.3.20060mlcs4.x86_64.rpm
 2533bf85da955bde2cdbc8f13864d8bb  corporate/4.0/x86_64/glibc-utils-2.3.6-4.3.20060mlcs4.x86_64.rpm
 484402227eadfbbcde7dee3967c88c1f  corporate/4.0/x86_64/ldconfig-2.3.6-4.3.20060mlcs4.x86_64.rpm
 47549d339fb39d272b941ead96805ab9  corporate/4.0/x86_64/nptl-devel-2.3.6-4.3.20060mlcs4.x86_64.rpm
 239d6747993896fd28da6cdebc72cb95  corporate/4.0/x86_64/nscd-2.3.6-4.3.20060mlcs4.x86_64.rpm 
 65fae4c5ea02d94ccd7fc4a72a5635bc  corporate/4.0/SRPMS/glibc-2.3.6-4.3.20060mlcs4.src.rpm

 Mandriva Enterprise Server 5:
 546cdb658291860d33699bc3ade38c3f  mes5/i586/glibc-2.8-1.20080520.5.6mnb2.i586.rpm
 76f36515736c5780bcd9915de8afb17e  mes5/i586/glibc-devel-2.8-1.20080520.5.6mnb2.i586.rpm
 8e31d27ec488d3b8651d9f5783978185  mes5/i586/glibc-doc-2.8-1.20080520.5.6mnb2.i586.rpm
 04fe57ffa7ba67f8b6f0db555a25500c  mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.i586.rpm
 c69b0fae345c40c585923b9b625a2f21  mes5/i586/glibc-i18ndata-2.8-1.20080520.5.6mnb2.i586.rpm
 cccdff704b3ecfe45498460ae9aa9572  mes5/i586/glibc-profile-2.8-1.20080520.5.6mnb2.i586.rpm
 86b48858aa46fcf2cf453270e117311a  mes5/i586/glibc-static-devel-2.8-1.20080520.5.6mnb2.i586.rpm
 c307b635e06dff286871f07295d7ca23  mes5/i586/glibc-utils-2.8-1.20080520.5.6mnb2.i586.rpm
 2a5192418cc815d92e38c0b7a62fbc01  mes5/i586/nscd-2.8-1.20080520.5.6mnb2.i586.rpm 
 916d165d2665deccc30655d0f7f85bae  mes5/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 811ae047841180c2028ac426a69d6e72  mes5/x86_64/glibc-2.8-1.20080520.5.6mnb2.x86_64.rpm
 377afd0b6673e71fc37697dede5a72e2  mes5/x86_64/glibc-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
 cf98a56094d67c47a44cbc482ac10e0a  mes5/x86_64/glibc-doc-2.8-1.20080520.5.6mnb2.x86_64.rpm
 9eb63f098b8288abbba2a1c2db096a06  mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.x86_64.rpm
 12fa3833f6daa50d0baf169f855ba29d  mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.6mnb2.x86_64.rpm
 645e92cb5d447a5614f8d54df4851e18  mes5/x86_64/glibc-profile-2.8-1.20080520.5.6mnb2.x86_64.rpm
 6902498ca74ec74d5f29980484800e5a  mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
 40fa0bc5b61932dd96e0129930b759ed  mes5/x86_64/glibc-utils-2.8-1.20080520.5.6mnb2.x86_64.rpm
 744f9ebd9d4e6c17be419b88394c180c  mes5/x86_64/nscd-2.8-1.20080520.5.6mnb2.x86_64.rpm 
 916d165d2665deccc30655d0f7f85bae  mes5/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMvzkSmqjQ0CJFipgRAsxhAKCXjvn+mLjD3jW9CjAMbJ0f63NgUgCg8JbV
Tv+YBX6HYdei+vm4D/Ykbrs=
=kVF6
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ