Date:      Tue, 25 Mar 2003 18:45:46 +0100
From:      Miguel Mendez <flynn@energyhq.homeip.net>
To:        ports@freebsd.org
Subject:   Fw: GLSA:  glibc (200303-22)
Message-ID:  <20030325184546.143261d8.flynn@energyhq.homeip.net>


Hello porters,

Should we care about this? The advisory is for Gentoo, but our version
is 2.2.4, which seems to be vulnerable.

Begin forwarded message:

Date: Tue, 25 Mar 2003 09:50:09 +0100
From: Daniel Ahlberg <aliz@gentoo.org>
To: bugtraq@securityfocus.com
Subject: GLSA:  glibc (200303-22)



---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22
---------------------------------------------------------------------

          PACKAGE : glibc
          SUMMARY : integer overflow
             DATE : 2003-03-25 08:49 UTC
          EXPLOIT : remote
VERSIONS AFFECTED : <2.3.1-r4 (arm: <2.2.5-r8)
    FIXED VERSION : >=2.3.1-r4 (arm: >=2.2.5-r8)
              CVE : CAN-2003-0028

---------------------------------------------------------------------

From advisory:

"The xdrmem_getbytes() function in the XDR library provided by 
Sun Microsystems contains an integer overflow. Depending on the 
location and use of the vulnerable xdrmem_getbytes() routine, various 
conditions may be presented that can permit an attacker to remotely 
exploit a service using this vulnerable routine."

Read the full advisory at:
http://www.eeye.com/html/Research/Advisories/AD20030318.html

SOLUTION

It is recommended that all Gentoo Linux users who are running
sys-libs/glibc upgrade to glibc-2.3.1-r4 (arm: glibc-2.2.5-r8)
as follows:

emerge sync
emerge glibc
emerge clean

---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz
---------------------------------------------------------------------



-- 
        Miguel Mendez - flynn@energyhq.homeip.net
        GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
        EnergyHQ :: http://www.energyhq.tk
        NetBSD :: One BSD to rule them all!
        Tired of Spam? -> http://www.trustic.com

