lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <87tyhfp6fc.fsf@mid.deneb.enyo.de>
Date: Tue, 11 Jan 2011 20:49:11 +0100
From: Florian Weimer <fw@...eb.enyo.de>
To: debian-security-announce@...ts.debian.org
Subject: [SECURITY] [DSA 2122-2] New glibc packages fix
	privilege escalation

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2122-2                   security@...ian.org
http://www.debian.org/security/                            Florian Weimer
January 11, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glibc
Vulnerability  : missing input sanitization
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-3847 CVE-2010-3856

Colin Watson discovered that the update for stable relased in
DSA-2122-1 did not complete address the underlying security issue in
all possible scenarios.

For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny7.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your glibc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJNLLcQAAoJEL97/wQC1SS+WSMH/A6KQXibz6fGS2TfjwjVkYnz
hvnosvc27MJkZCA1t25DuCweeLJXWdgLTu1SloIga5TiA/F09C6TK4ve9inEvlfq
nJ5Ccod6UdPoPAkgYFVMgwV654LBPVhLMy4yWwObI5r75i03XkluMaQYLFazzlu3
PlEdsxSGZ0A2aMiZS7EVW38Xg2HzfPlcseQQ8/v2wnvG34svlviZQiA01OJxEqHc
mhNOCWKyCEskl50qI29/O6BiN0ZrujMkmiIlE4FaUwomHJlxXFlzv93ud/vZkzGY
wyefjykfpWZFiLJ8oW9eA9w0K/0/V+PugB5C7ub2kvMR1FeVfwnO2hcZe4NJSBM=
=h05m
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ