From:	 Immunix Security Team <security@wirex.com>
To:	 bugtraq@securityfocus.com, linsec@lists.seifried.org,
	 security-alerts@linuxsecurity.com, immunix-announce@immunix.org
Subject: Immunix OS 7.0 glibc update
Date:	 Wed, 19 Dec 2001 17:46:53 -0800

-----------------------------------------------------------------------
	Immunix OS Security Advisory

Packages updated:	glibc, nscd
Affected products:	Immunix OS 7.0
Bugs fixed:		immunix/1892, immunix/1893
Date:			Wed Dec 19 2001
Advisory ID:		IMNX-2001-70-037-01
Author:			Seth Arnold <sarnold@wirex.com>
-----------------------------------------------------------------------

Description:
  This update to glibc (and the associated name service cache daemon,
  nscd) fixes two security problems. The first is a race condition in
  the fts(3) routines that traverse directory structures; it allowed
  malicious users to cause other processes to 'break out of' the
  intended file hierarchy.  The second is in the glob(3) routine: a
  combination of a buffer overflow and an incorrectly free()d buffer.

  The fts(3) problem was discovered by Nick Cleaton. The glob(3) problem
  was discovered simultaneously by several people, including script0r,
  Flávio Veloso, and Jakub Jelinek. Tom Parker also discovered that the
  glob(3) problem is exploitable. Flávio Veloso and Jakub Jelinek helped
  fix the glob(3) problems, and it appears that Kris Kennaway, Todd
  Miller, and Ulrich Drepper are primarily responsible for the fts(3)
  fixes.

  We recommend all Immunix 7.0 users upgrade glibc and nscd with these
  packages.

  References:
  http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
  http://www.securityfocus.com/archive/1/245956
  http://lists.progeny.com/archive/progeny-security-announce/2001/msg00024.html

Package names and locations:
  Precompiled binary packages for Immunix 7.0 are available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-common-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-devel-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/glibc-profile-2.2-12_imnx_12.i386.rpm
  http://download.immunix.org/ImmunixOS/7.0/updates/RPMS/nscd-2.2-12_imnx_12.i386.rpm

  Source package for Immunix 7.0 is available at:
  http://download.immunix.org/ImmunixOS/7.0/updates/SRPMS/glibc-2.2-12_imnx_12.src.rpm

Immunix OS 7.0 md5sums:
2a05dcc3e3f58f426e628a5fed0fd2ac  RPMS/glibc-2.2-12_imnx_12.i386.rpm
2d84dd833ceab77f00f452f7543a4b48  RPMS/glibc-common-2.2-12_imnx_12.i386.rpm
43648b8c310bbb080745a6d8a1b35f7e  RPMS/glibc-devel-2.2-12_imnx_12.i386.rpm
ee13dd6fc866d841bfa4d2755397e942  RPMS/glibc-profile-2.2-12_imnx_12.i386.rpm
14822515526ef18387b3e3fdf4b2845a  RPMS/nscd-2.2-12_imnx_12.i386.rpm
7e378043c28aeee30f8270663f5faf82  SRPMS/glibc-2.2-12_imnx_12.src.rpm
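As an added example (not part of the advisory), a small Python checker that verifies downloaded packages against the md5sums listed above: the checksums are copied from this advisory, and it assumes the RPMS/ and SRPMS/ trees were fetched into one base directory, mirroring the download URLs.

```python
import hashlib
from pathlib import Path

# Checksums exactly as published in the advisory above. MD5 is no longer
# collision-resistant, so this only catches corrupt or swapped downloads;
# the GPG signature (see "GPG verification") is what establishes authenticity.
ADVISORY_MD5SUMS = """\
2a05dcc3e3f58f426e628a5fed0fd2ac  RPMS/glibc-2.2-12_imnx_12.i386.rpm
2d84dd833ceab77f00f452f7543a4b48  RPMS/glibc-common-2.2-12_imnx_12.i386.rpm
43648b8c310bbb080745a6d8a1b35f7e  RPMS/glibc-devel-2.2-12_imnx_12.i386.rpm
ee13dd6fc866d841bfa4d2755397e942  RPMS/glibc-profile-2.2-12_imnx_12.i386.rpm
14822515526ef18387b3e3fdf4b2845a  RPMS/nscd-2.2-12_imnx_12.i386.rpm
7e378043c28aeee30f8270663f5faf82  SRPMS/glibc-2.2-12_imnx_12.src.rpm
"""


def parse_md5sums(text):
    """Parse md5sum(1)-style '<hex>  <path>' lines into {path: hex};
    anything that is not a 32-hex-digit line (blanks, headings) is skipped."""
    sums = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        digest, path = parts[0].lower(), parts[1].strip()
        if len(digest) == 32 and all(c in "0123456789abcdef" for c in digest):
            sums[path] = digest
    return sums


def md5_hex(data):
    """MD5 of a byte string as lowercase hex, the form md5sum(1) prints."""
    return hashlib.md5(data).hexdigest()


def verify_downloads(expected, base_dir):
    """Hash each listed package under base_dir (in chunks, so a large glibc
    RPM is not read whole) and return {path: "ok" | "mismatch" | "missing"}."""
    results = {}
    for rel_path, digest in expected.items():
        full = Path(base_dir) / rel_path
        if not full.is_file():
            results[rel_path] = "missing"
            continue
        h = hashlib.md5()
        with full.open("rb") as fh:
            for chunk in iter(lambda: fh.read(1 << 16), b""):
                h.update(chunk)
        results[rel_path] = "ok" if h.hexdigest() == digest else "mismatch"
    return results
```

Run `verify_downloads(parse_md5sums(ADVISORY_MD5SUMS), ".")` from the directory holding RPMS/ and SRPMS/; any "mismatch" or "missing" entry means the package must not be installed.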


GPG verification:
  Our public key is available at <http://wirex.com/security/GPG_KEY>.
  *** NOTE *** This key is different from the one used in advisories
  IMNX-2001-70-020-01 and earlier.

Online version of all Immunix 6.2 updates and advisories:
  http://immunix.org/ImmunixOS/6.2/updates/

Online version of all Immunix 7.0-beta updates and advisories:
  http://immunix.org/ImmunixOS/7.0-beta/updates/

Online version of all Immunix 7.0 updates and advisories:
  http://immunix.org/ImmunixOS/7.0/updates/

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact security@wirex.com. WireX
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.