MDKSA-2004:009 - Updated glibc packages fix resolver vulnerabilities
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrake Linux Security Update Advisory
_______________________________________________________________________
Package name: glibc
Advisory ID: MDKSA-2004:009
Date: February 4th, 2004
Affected versions: 9.0, Corporate Server 2.1,
Multi Network Firewall 8.2
______________________________________________________________________
Problem Description:
A read buffer overflow vulnerability exists in the resolver code in
versions of glibc up to and including 2.2.5. The vulnerability is
triggered by DNS packets larger than 1024 bytes, which can cause an
application to crash.
The updated packages have a patch applied to correct the problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
http://www.kb.cert.org/vuls/id/738331
______________________________________________________________________
Updated Packages:
Corporate Server 2.1:
07bed44311d5e47e1413674de9d4bddc
corporate/2.1/RPMS/glibc-2.2.5-16.4.C21mdk.i586.rpm
208319aa05dfb74d68e568776a060cb3
corporate/2.1/RPMS/glibc-devel-2.2.5-16.4.C21mdk.i586.rpm
ecc340738dea3ca5a42579e7ace0890b
corporate/2.1/RPMS/glibc-i18ndata-2.2.5-16.4.C21mdk.i586.rpm
15429acff890e04ff61c63e5a83836d5
corporate/2.1/RPMS/glibc-profile-2.2.5-16.4.C21mdk.i586.rpm
e34f310444a8aeebcedc4f2a6c79e354
corporate/2.1/RPMS/glibc-static-devel-2.2.5-16.4.C21mdk.i586.rpm
9d0d6658108caec33a4d546ec35c1e07
corporate/2.1/RPMS/glibc-utils-2.2.5-16.4.C21mdk.i586.rpm
d58b0309793d0ac67df966f709e0ad07
corporate/2.1/RPMS/ldconfig-2.2.5-16.4.C21mdk.i586.rpm
e8ccb93c65d8d0346237bf168bbf1b66
corporate/2.1/RPMS/nscd-2.2.5-16.4.C21mdk.i586.rpm
df1c534f7b2b8a64a35f9d3450c536b8
corporate/2.1/SRPMS/glibc-2.2.5-16.4.C21mdk.src.rpm
Corporate Server 2.1/x86_64:
c2eae1a7e73f8ebc8e5dd3038300fb4d
x86_64/corporate/2.1/RPMS/glibc-2.2.5-28.2.C21mdk.x86_64.rpm
1d2e9ca83e428fe8bbce0b036da9a27d
x86_64/corporate/2.1/RPMS/glibc-debug-2.2.5-28.2.C21mdk.x86_64.rpm
23804843b092a6b312c5663afd7ff7bd
x86_64/corporate/2.1/RPMS/glibc-devel-2.2.5-28.2.C21mdk.x86_64.rpm
1fc574b7d06650eac265d0741d30e65a
x86_64/corporate/2.1/RPMS/glibc-i18ndata-2.2.5-28.2.C21mdk.x86_64.rpm
3b0e773f4f57ff1d50b40c7c167dac4f
x86_64/corporate/2.1/RPMS/glibc-profile-2.2.5-28.2.C21mdk.x86_64.rpm
97096cf852834a722e5ea9834eb93452
x86_64/corporate/2.1/RPMS/glibc-static-devel-2.2.5-28.2.C21mdk.x86_64.rpm
37c7eff91489b83d16c755286a0ed3c6
x86_64/corporate/2.1/RPMS/glibc-utils-2.2.5-28.2.C21mdk.x86_64.rpm
c6495adb2f79fc59e7bee995163239b0
x86_64/corporate/2.1/RPMS/ldconfig-2.2.5-28.2.C21mdk.x86_64.rpm
0d7ccd741fa5117098b14f70aec5b16e
x86_64/corporate/2.1/RPMS/nscd-2.2.5-28.2.C21mdk.x86_64.rpm
5579905afbddfa7aebbd409672500b9b
x86_64/corporate/2.1/SRPMS/glibc-2.2.5-28.2.C21mdk.src.rpm
Mandrake Linux 9.0:
ad05f4c8330197f97e17fc0e25a92cd5 9.0/RPMS/glibc-2.2.5-16.4.90mdk.i586.rpm
05a7bc63e055a995235880fe5f258875
9.0/RPMS/glibc-devel-2.2.5-16.4.90mdk.i586.rpm
3caefcf6e6632883252140c988270ceb
9.0/RPMS/glibc-i18ndata-2.2.5-16.4.90mdk.i586.rpm
7efbb7e9531907c5fa2b7d81b9c2fc95
9.0/RPMS/glibc-profile-2.2.5-16.4.90mdk.i586.rpm
dfdc7f7f630c03ed478490a9d4c0e5fc
9.0/RPMS/glibc-static-devel-2.2.5-16.4.90mdk.i586.rpm
d208fc8a88841816ab8b094bf993a743
9.0/RPMS/glibc-utils-2.2.5-16.4.90mdk.i586.rpm
e263e2ea3b1d4e30b396c096fd5b51b0 9.0/RPMS/ldconfig-2.2.5-16.4.90mdk.i586.rpm
0293e531e2ce1b3d07cf89a66f6efa25 9.0/RPMS/nscd-2.2.5-16.4.90mdk.i586.rpm
180a63e3d7a4bba7e8a9ec967b5a8621 9.0/SRPMS/glibc-2.2.5-16.4.90mdk.src.rpm
Multi Network Firewall 8.2:
1c88e2c7ed623d90db090fefd746e2f8 mnf8.2/RPMS/glibc-2.2.4-26.4.M82mdk.i586.rpm
eafddda3784fda7c9dabffd892940516
mnf8.2/RPMS/ldconfig-2.2.4-26.4.M82mdk.i586.rpm
32d4267354481e77001b1fc252dc234e mnf8.2/SRPMS/glibc-2.2.4-26.4.M82mdk.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
A list of FTP mirrors can be obtained from:
http://www.mandrakesecure.net/en/ftp.php
All packages are signed by MandrakeSoft for security. You can obtain
the GPG public key of the Mandrake Linux Security Team by executing:
gpg --recv-keys --keyserver www.mandrakesecure.net 0x22458A98
Please be aware that sometimes it takes the mirrors a few hours to
update.
You can view other update advisories for Mandrake Linux at:
http://www.mandrakesecure.net/en/advisories/
MandrakeSoft has several security-related mailing list services that
anyone can subscribe to. Information on these lists can be obtained by
visiting:
http://www.mandrakesecure.net/en/mlist.php
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFAIaGDmqjQ0CJFipgRAsC+AKDq9lQaZox0arEe7b+iO12qt+H7rgCgjXhk
v4VQx5ecm/g6tIpw8YyI2t8=
=Mgh0
-----END PGP SIGNATURE-----