MDKSA-2004:159 - Updated glibc packages fix temporary file vulnerability
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandrakelinux Security Update Advisory
_______________________________________________________________________
Package name: glibc
Advisory ID: MDKSA-2004:159
Date: December 29th, 2004
Affected versions: 10.0, 10.1
______________________________________________________________________
Problem Description:
The Trustix developers discovered that the catchsegv and glibcbug
utilities, part of the glibc package, created temporary files in an
insecure manner. This could allow for a symlink attack to create or
overwrite arbitrary files with the privileges of the user invoking the
program.
The updated packages have been patched to correct this issue.
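
Added example (not part of the Mandrakesoft advisory, and not the glibc code): the class of flaw described above, with a predictable temporary file name beside a mktemp-based replacement. All function and file names are hypothetical, and the scenario is constructed inside a private sandbox directory.

```shell
#!/bin/sh
# Added example: predictable temp name vs. mktemp. All names are hypothetical.

# Insecure pattern: the name is guessable (PID-based) and '>' follows symlinks,
# so a link already present at that path redirects the write elsewhere.
write_report_insecure() {
    dir=$1; msg=$2
    tmp="$dir/report.$$"
    printf '%s\n' "$msg" > "$tmp"
    printf '%s\n' "$tmp"
}

# Hardened pattern: mktemp picks an unpredictable name and creates the file
# atomically (O_EXCL, mode 0600), so an existing symlink is never reused.
write_report_safe() {
    dir=$1; msg=$2
    tmp=$(mktemp "$dir/report.XXXXXX") || return 1
    printf '%s\n' "$msg" > "$tmp"
    printf '%s\n' "$tmp"
}

# Constructed scenario: a symlink already sits at the predictable name and
# points at a file the invoking user can write to.
# Prints "clobbered" or "intact" for the writer function named in $1.
check_writer() {
    writer=$1
    sandbox=$(mktemp -d) || return 1
    target="$sandbox/important.conf"
    printf 'original\n' > "$target"
    ln -s "$target" "$sandbox/report.$$"
    "$writer" "$sandbox" "crash data" > /dev/null
    if [ "$(cat "$target")" = "original" ]; then
        result=intact
    else
        result=clobbered
    fi
    rm -rf "$sandbox"
    printf '%s\n' "$result"
}

check_writer write_report_insecure   # prints: clobbered
check_writer write_report_safe       # prints: intact
```
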
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0968
______________________________________________________________________
Updated Packages:
Mandrakelinux 10.0:
Mandrakelinux 10.0/AMD64:
Mandrakelinux 10.1:
Mandrakelinux 10.1/X86_64:
_______________________________________________________________________
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandrakesoft for security. You can obtain
the GPG public key of the Mandrakelinux Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandrakelinux at:
http://www.mandrakesoft.com/security/advisories
If you want to report vulnerabilities, please contact
security_linux-mandrake.com
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Linux Mandrake Security Team
<security linux-mandrake.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFB03T2mqjQ0CJFipgRAsGxAJ4w5MrLm/iq1meYV9yMg8sMbCHbrgCguhSR
l+3oHXol5pgiVuE/RyjXBH0=
=gAsH
-----END PGP SIGNATURE-----