USN-4-1: Standard C library script vulnerabilities
Posted on: 10/28/2004 03:55 AM

A standard C library security update is available for Ubuntu Linux 4.10

==========================================================
Ubuntu Security Notice USN-4-1 October 27, 2004
Standard C library script vulnerabilities
CAN-2004-0968
==========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)

The following packages are affected:

libc6

The problem can be corrected by upgrading the affected package to version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes.

Details follow:

Recently, Trustix Secure Linux discovered some vulnerabilities in the libc6 package. The utilities "catchsegv" and "glibcbug" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.

Source archives:

http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1-13ubuntu2.2.diff.gz
Size/MD5: 1718601 cf6afbc349154329c272077c73ba9179
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1-13ubuntu2.2.dsc
Size/MD5: 1656 4c7cb8a913a57c4719b608c49c2d2b2e
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc_2.3.2.ds1.orig.tar.gz
Size/MD5: 13246448 b982bf6ad7ebc8622d3b81d51c44b78a

Architecture independent packages:

http://security.ubuntu.com/ubuntu/pool/main/g/glibc/glibc-doc_2.3.2.ds1-13ubuntu2.2_all.deb
Size/MD5: 3839054 c45aae7010692177a047dc68a0892f7c
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/locales_2.3.2.ds1-13ubuntu2.2_all.deb
Size/MD5: 3979842 272da092e74a39c4f15d10ddd1c3c2a0

amd64 architecture (Athlon64, Opteron, EM64T Xeon)

http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 9172938 0b62bf67b6b1ea70c2f1dce0a5a72e78
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 2961890 fca2ae9c057eefebceffc6eef5c44f8c
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 1318744 cae5a17fbbbf4d454aff91f028ba45bf
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 2429958 6111ed6e95b4d3106f516a0e910e6b7d
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
Size/MD5: 953804 8c92652345079beea4059c2bd02cf0f6
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 5424778 591e999cfc9de47e655365f2a6bd5407
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
Size/MD5: 8168 f007a3aa95bbe190e295ef04b98455b3
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_amd64.udeb
Size/MD5: 15960 a50daa05546194f6d0a30d02bdd666a4
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_amd64.deb
Size/MD5: 90622 3251a57ba6896b412e270ef812500e08

i386 architecture (x86 compatible Intel/AMD)

http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 10199756 981e3d99127302b8955e0d0ecfc87189
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 2510202 4a0c6a6c253aeb99a9698c541de90db5
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-i686_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 944732 45839ff16f3668c6ef58a213c6d805b4
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 1015598 8c50383383de8d5f23236ce7211a0e11
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 1985400 3882b6b9f770ffe1e2bc3c7ab55c0c5e
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
Size/MD5: 691838 94ed23b75666c67bda94b9c07ce4a5a4
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 4844160 d5aebff13cd1eb6f4e29d68c38cd60ae
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
Size/MD5: 7702 03de6798940e807729f30a62aac2f7ec
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_i386.udeb
Size/MD5: 13426 b932f23a4f9c3d776c6a7c26612a44d8
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_i386.deb
Size/MD5: 88312 99d91c0cf770b202b37ed8ae0b131ed4

powerpc architecture (Apple Macintosh G3/G4/G5)

http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dbg_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 9216664 64ef82237a246fa888980efa4ea3fe76
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-dev_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 3068930 ce32157ff282f9f48ffeba47bc4a7cc9
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-pic_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 1272340 804072cb7e38a128ab022f05c88bc456
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-prof_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 2582898 2c84b6bf455a4a7c3742307bb8c87c00
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
Size/MD5: 946680 0ea82c88731a21d61b3a633b4eaffda8
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libc6_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 4213364 4f0c8de536cd48d333e52cde5aa5a0e3
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-dns-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
Size/MD5: 8194 e90b76a0e762d97deddee338ea46c475
http://security.ubuntu.com/ubuntu/pool/main/g/glibc/libnss-files-udeb_2.3.2.ds1-13ubuntu2.2_powerpc.udeb
Size/MD5: 14766 82dcd7f1abfac39464135522a96f1d42
http://security.ubuntu.com/ubuntu/pool/universe/g/glibc/nscd_2.3.2.ds1-13ubuntu2.2_powerpc.deb
Size/MD5: 89468 1debcc6600d1c3d4e60b1156178f99c7


Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/usn_4_1_standard_c_library_script_vulnerabilities.html)