lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1RU3IS-0005rq-RO@titan.mandriva.com>
Date: Fri, 25 Nov 2011 22:27:00 +0100
From: security@...driva.com
To: full-disclosure@...ts.grok.org.uk
Subject: [ MDVSA-2011:178 ] glibc

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2011:178
 http://www.mandriva.com/security/
 _______________________________________________________________________

 Package : glibc
 Date    : November 25, 2011
 Affected: 2010.1, Enterprise Server 5.0
 _______________________________________________________________________

 Problem Description:

 Multiple vulnerabilities was discovered and fixed in glibc:
 
 Multiple untrusted search path vulnerabilities in elf/dl-object.c in
 certain modified versions of the GNU C Library (aka glibc or libc6),
 including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
 Enterprise Linux, allow local users to gain privileges via a crafted
 dynamic shared object (DSO) in a subdirectory of the current working
 directory during execution of a (1) setuid or (2) setgid program that
 has  in (a) RPATH or (b) RUNPATH.  NOTE: this issue exists because
 of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
 
 The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
 (EGLIBC) allow context-dependent attackers to execute arbitrary code
 or cause a denial of service (memory consumption) via a long UTF8
 string that is used in an fnmatch call, aka a stack extension attack,
 a related issue to CVE-2010-2898, as originally reported for use of
 this library by Google Chrome (CVE-2011-1071).
 
 The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
 and earlier does not report an error status for failed attempts to
 write to the /etc/mtab file, which makes it easier for local users
 to trigger corruption of this file, as demonstrated by writes from
 a process with a small RLIMIT_FSIZE value, a different vulnerability
 than CVE-2010-0296 (CVE-2011-1089).
 
 locale/programs/locale.c in locale in the GNU C Library (aka glibc
 or libc6) before 2.13 does not quote its output, which might allow
 local users to gain privileges via a crafted localization environment
 variable, in conjunction with a program that executes a script that
 uses the eval function (CVE-2011-1095).
 
 Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
 libc6) 2.13 and earlier allows context-dependent attackers to cause a
 denial of service (application crash) via a long UTF8 string that is
 used in an fnmatch call with a crafted pattern argument, a different
 vulnerability than CVE-2011-1071 (CVE-2011-1659).
 
 crypt_blowfish before 1.1, as used in glibc on certain platforms,
 does not properly handle 8-bit characters, which makes it easier
 for context-dependent attackers to determine a cleartext password by
 leveraging knowledge of a password hash (CVE-2011-2483).
 
 The updated packages have been patched to correct these issues.
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
 _______________________________________________________________________

 Updated Packages:

 Mandriva Linux 2010.1:
 4af7f6efb12c5be3ad435a6d9865be57  2010.1/i586/glibc-2.11.1-8.3mnb2.i586.rpm
 82f97e43fc7ab7ee2fbfc92d9ed844f0  2010.1/i586/glibc-devel-2.11.1-8.3mnb2.i586.rpm
 013f4da3b270a6860e9ae171b456a488  2010.1/i586/glibc-doc-2.11.1-8.3mnb2.i586.rpm
 65da2025a253885a3a3e0699eb407a61  2010.1/i586/glibc-doc-pdf-2.11.1-8.3mnb2.i586.rpm
 e5b6f256bad2b8afa7674e2f4d3c80bc  2010.1/i586/glibc-i18ndata-2.11.1-8.3mnb2.i586.rpm
 319ecf5d08bc0e0aab9b0cf3e5cf6a6e  2010.1/i586/glibc-profile-2.11.1-8.3mnb2.i586.rpm
 99c144bfc7581d9f3b885c7a630c89ce  2010.1/i586/glibc-static-devel-2.11.1-8.3mnb2.i586.rpm
 966e023400d62e841942b69bae4d06de  2010.1/i586/glibc-utils-2.11.1-8.3mnb2.i586.rpm
 577f1f88b14add8ea8753b17d730cb8a  2010.1/i586/nscd-2.11.1-8.3mnb2.i586.rpm 
 2e1bffb07071cb21ef6363c21588f4b7  2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm

 Mandriva Linux 2010.1/X86_64:
 05e4da86aea47726b27c00e3f26e3445  2010.1/x86_64/glibc-2.11.1-8.3mnb2.x86_64.rpm
 d3689fe0a7ae8e4c0e309b34c82cabfd  2010.1/x86_64/glibc-devel-2.11.1-8.3mnb2.x86_64.rpm
 b8be4de2a9c6a8e3effe06234429a227  2010.1/x86_64/glibc-doc-2.11.1-8.3mnb2.x86_64.rpm
 1ac19950a67c4ee965b0ae9d2d6a0396  2010.1/x86_64/glibc-doc-pdf-2.11.1-8.3mnb2.x86_64.rpm
 54031c917cb54a5abc42ebaf30dfe894  2010.1/x86_64/glibc-i18ndata-2.11.1-8.3mnb2.x86_64.rpm
 18c2a1354df2094a7508b1990420ab5b  2010.1/x86_64/glibc-profile-2.11.1-8.3mnb2.x86_64.rpm
 f8cef0d317c3ccbb5446672a1cf00ad6  2010.1/x86_64/glibc-static-devel-2.11.1-8.3mnb2.x86_64.rpm
 78b27e0739627abebc7c43fbf82e107b  2010.1/x86_64/glibc-utils-2.11.1-8.3mnb2.x86_64.rpm
 e37194682e8ef10c21a8d8483e76b3f4  2010.1/x86_64/nscd-2.11.1-8.3mnb2.x86_64.rpm 
 2e1bffb07071cb21ef6363c21588f4b7  2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm

 Mandriva Enterprise Server 5:
 73cffaaa03648c9eb01ed50b5fdd0cee  mes5/i586/glibc-2.8-1.20080520.5.8mnb2.i586.rpm
 5e9ec7d6e3f319b5076dd51506d47032  mes5/i586/glibc-devel-2.8-1.20080520.5.8mnb2.i586.rpm
 c80b37f1a750968735f8ce51c920e84e  mes5/i586/glibc-doc-2.8-1.20080520.5.8mnb2.i586.rpm
 7de1f541c2bf6e17a4f3007cad517140  mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.i586.rpm
 27a365665846989b629b0cb3fb15acfd  mes5/i586/glibc-i18ndata-2.8-1.20080520.5.8mnb2.i586.rpm
 3f2f68a0bc47bace3586919671c7f1b4  mes5/i586/glibc-profile-2.8-1.20080520.5.8mnb2.i586.rpm
 17019cf79cf3864c537e12aefd48a23d  mes5/i586/glibc-static-devel-2.8-1.20080520.5.8mnb2.i586.rpm
 7ad8f634ee4e0c5fc0f340dcfebcf0fb  mes5/i586/glibc-utils-2.8-1.20080520.5.8mnb2.i586.rpm
 53a5dc175995723322a13a7e3bbd6c41  mes5/i586/nscd-2.8-1.20080520.5.8mnb2.i586.rpm 
 6fcd77d9eac9fa71f91dcb1218afd628  mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm

 Mandriva Enterprise Server 5/X86_64:
 33f73ece95aa39c59e0370449f13d3af  mes5/x86_64/glibc-2.8-1.20080520.5.8mnb2.x86_64.rpm
 626f8e4774270e50c5e9bf2bc7dfa64c  mes5/x86_64/glibc-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
 c9d59258ac0fc0463c585405bb46327a  mes5/x86_64/glibc-doc-2.8-1.20080520.5.8mnb2.x86_64.rpm
 f81b494a1d394c48921c99983288c538  mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.x86_64.rpm
 1c972a49ecbfc91d0a156dd743894c14  mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.8mnb2.x86_64.rpm
 45aa431a8a9920d188698ae64fe5466d  mes5/x86_64/glibc-profile-2.8-1.20080520.5.8mnb2.x86_64.rpm
 ecf5dca4c8bc49c1e3ebeb2a698b38a3  mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
 8de7d2dfa8ea598aac75faf24f606f13  mes5/x86_64/glibc-utils-2.8-1.20080520.5.8mnb2.x86_64.rpm
 7615c6e96903c8c146d5ae2d2912c6ee  mes5/x86_64/nscd-2.8-1.20080520.5.8mnb2.x86_64.rpm 
 6fcd77d9eac9fa71f91dcb1218afd628  mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrivaUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 All packages are signed by Mandriva for security.  You can obtain the
 GPG public key of the Mandriva Security Team by executing:

  gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

 You can view other update advisories for Mandriva Linux at:

  http://www.mandriva.com/security/advisories

 If you want to report vulnerabilities, please contact

  security_(at)_mandriva.com
 _______________________________________________________________________

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Mandriva Security Team
  <security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iD8DBQFOz9t8mqjQ0CJFipgRApgMAKDCqECazAj1XIHHxrkgU20PDJYFkgCgwVPy
TvvKkY3VN0Zc9M0LYEgkNUg=
=P3KM
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ