Advisories
Mandriva Advisories
|
 |
| Problem Description |
An integer overflow was discovered by eEye Digital Security in the
xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function
is part of the XDR encoder/decoder derived from Sun's RPC
implementation. Depending upon the application, this vulnerability
can cause buffer overflows and could possibly be exploited to execute
arbitray code.
The provided packages contain patches that correct this issue and all
users should upgrade. Please note that users of Mandrake Linux 9.1
already have this fix in the 9.1-released glibc packages.
| Updated Packages |
Mandrakelinux 7.2
acb953352afffca2dc29ed010be91932 7.2/RPMS/glibc-2.1.3-21.3mdk.i586.rpm 3e50546f83d4b83383c28db86a1ba777 7.2/RPMS/glibc-devel-2.1.3-21.3mdk.i586.rpm 0f701e32c98fe97b03c46275385632ef 7.2/RPMS/glibc-profile-2.1.3-21.3mdk.i586.rpm 3e0f1f9b5e107dbc19cf89e091318dfc 7.2/RPMS/nscd-2.1.3-21.3mdk.i586.rpm b30aea5137cd4c784575b52cd9f875a3 7.2/SRPMS/glibc-2.1.3-21.3mdk.src.rpm
Mandrakelinux 8.0
a2ff54ef6694ffd7ee59142533c5b5f5 8.0/RPMS/glibc-2.2.2-8.2mdk.i586.rpm 39cef3aa5d102167f2a79106c5b1536b 8.0/RPMS/glibc-devel-2.2.2-8.2mdk.i586.rpm c7382f8016708b0e2c9547eb3249c0bc 8.0/RPMS/glibc-profile-2.2.2-8.2mdk.i586.rpm 3e79f535c3e71453a6fc53a46f32fff1 8.0/RPMS/ldconfig-2.2.2-8.2mdk.i586.rpm 07cd092ebf75221a4f8a24db39f09542 8.0/RPMS/nscd-2.2.2-8.2mdk.i586.rpm 36fb2a30ad5d6ee07d5d874539e70d85 8.0/SRPMS/glibc-2.2.2-8.2mdk.src.rpm
Mandrakelinux 8.0/PPC
0b012387de8410b79c48008c8beb32cf ppc/8.0/RPMS/glibc-2.2.2-8.3mdk.ppc.rpm 493b643f3fe751824e47737506aeef76 ppc/8.0/RPMS/glibc-devel-2.2.2-8.3mdk.ppc.rpm 68ede0614ca228df205f0133fd66cb34 ppc/8.0/RPMS/glibc-profile-2.2.2-8.3mdk.ppc.rpm a7992d31f7c353130efbbc7d145a0400 ppc/8.0/RPMS/ldconfig-2.2.2-8.3mdk.ppc.rpm 3b6f97cab7ce099b50f40a33d5a969ff ppc/8.0/RPMS/nscd-2.2.2-8.3mdk.ppc.rpm e655a87e303145ef88decdd52a47e9c8 ppc/8.0/SRPMS/glibc-2.2.2-8.3mdk.src.rpm
Mandrakelinux 8.1
61bf068ce55c06aac41cac550c6dfd6f 8.1/RPMS/glibc-2.2.4-11.2mdk.i586.rpm ce71f422b2ef62da9c7b92eaf5bc06a8 8.1/RPMS/glibc-devel-2.2.4-11.2mdk.i586.rpm a6727cbc02c682b9da3b8f2f292eb03c 8.1/RPMS/glibc-profile-2.2.4-11.2mdk.i586.rpm 1c6aca0dd093a688aeffa4eac47b5f10 8.1/RPMS/ldconfig-2.2.4-11.2mdk.i586.rpm 3e4719889a937123b4333f7696c96f91 8.1/RPMS/nscd-2.2.4-11.2mdk.i586.rpm 02609dc8a440c49286ef78350cee0a0a 8.1/SRPMS/glibc-2.2.4-11.2mdk.src.rpm
Mandrakelinux 8.1/IA64
1278788a444d9d52085f6c1b658af6d1 ia64/8.1/RPMS/glibc-2.2.4-11.2mdk.ia64.rpm 4d4dbc0a7aec29956386a39fa3ce2219 ia64/8.1/RPMS/glibc-devel-2.2.4-11.2mdk.ia64.rpm 0a87136f928f9ba6d12d3297ac9a7987 ia64/8.1/RPMS/glibc-profile-2.2.4-11.2mdk.ia64.rpm 021f97c11b883a26b0602fcdc58a8579 ia64/8.1/RPMS/ldconfig-2.2.4-11.2mdk.ia64.rpm 373c179b887d50e424a83d370d8a7a4d ia64/8.1/RPMS/nscd-2.2.4-11.2mdk.ia64.rpm 02609dc8a440c49286ef78350cee0a0a ia64/8.1/SRPMS/glibc-2.2.4-11.2mdk.src.rpm
Mandrakelinux 8.2
c4bae027508cc5ed38322f792110fe11 8.2/RPMS/glibc-2.2.4-26.2mdk.i586.rpm e996ca5bfcc66f1267ec4ae12867ef51 8.2/RPMS/glibc-devel-2.2.4-26.2mdk.i586.rpm 0031799599addcc012377c37645ddf62 8.2/RPMS/glibc-profile-2.2.4-26.2mdk.i586.rpm aef5e7c143b6e49820ba47782caa3962 8.2/RPMS/ldconfig-2.2.4-26.2mdk.i586.rpm 4e27a1ce7247cfaaccaf698cd3618f40 8.2/RPMS/nscd-2.2.4-26.2mdk.i586.rpm 2e8a68d1f121fc28bb2a95fc92a1bc0e 8.2/SRPMS/glibc-2.2.4-26.2mdk.src.rpm
Mandrakelinux 8.2/PPC
059502fd3938751aaa97fd517ee03267 ppc/8.2/RPMS/glibc-2.2.4-26.2mdk.ppc.rpm ce8b3f48623c2443f5ef5af52059562a ppc/8.2/RPMS/glibc-devel-2.2.4-26.2mdk.ppc.rpm a0fbc2f29ef93d2b1cc1ab5b21206604 ppc/8.2/RPMS/glibc-profile-2.2.4-26.2mdk.ppc.rpm 39a67020999831896e40a36f0141d37e ppc/8.2/RPMS/ldconfig-2.2.4-26.2mdk.ppc.rpm da42f5d10598c07985d5ecf70e858c0e ppc/8.2/RPMS/nscd-2.2.4-26.2mdk.ppc.rpm 2e8a68d1f121fc28bb2a95fc92a1bc0e ppc/8.2/SRPMS/glibc-2.2.4-26.2mdk.src.rpm
Mandrakelinux 9.0
25f6972b98c2c3f98ec692d349ecd126 9.0/RPMS/glibc-2.2.5-16.2mdk.i586.rpm 957aa41e1333507cc95d8dfd785766fd 9.0/RPMS/glibc-devel-2.2.5-16.2mdk.i586.rpm 5f8ca9f4f827e1ea6058a95a50437d0c 9.0/RPMS/glibc-doc-2.2.5-16.2mdk.i586.rpm 2d1a6513423f63002bd4b8fcf2fe8f08 9.0/RPMS/glibc-doc-pdf-2.2.5-16.2mdk.i586.rpm ae92a5bfdefd1d4dd709747edfc17341 9.0/RPMS/glibc-i18ndata-2.2.5-16.2mdk.i586.rpm b06b38b273c1224302e4fb527a5030c7 9.0/RPMS/glibc-profile-2.2.5-16.2mdk.i586.rpm 4643da8aa99102b284d4d38da392b42e 9.0/RPMS/glibc-static-devel-2.2.5-16.2mdk.i586.rpm efad72ec8d4e803887f33520c2668055 9.0/RPMS/glibc-utils-2.2.5-16.2mdk.i586.rpm cc0bf7181b8e34d66c4894b1e0a980e8 9.0/RPMS/ldconfig-2.2.5-16.2mdk.i586.rpm 2d1f4ab36f4f6ff772e342c9486220ae 9.0/RPMS/nscd-2.2.5-16.2mdk.i586.rpm b5fc67e8528cddb681e6e1efc489f19a 9.0/RPMS/timezone-2.2.5-16.2mdk.i586.rpm 608409f53e07db8c6f8e7f83e60210a5 9.0/SRPMS/glibc-2.2.5-16.2mdk.src.rpm
Multi Network Firewall 8.2
c4bae027508cc5ed38322f792110fe11 mnf8.2/RPMS/glibc-2.2.4-26.2mdk.i586.rpm aef5e7c143b6e49820ba47782caa3962 mnf8.2/RPMS/ldconfig-2.2.4-26.2mdk.i586.rpm 2e8a68d1f121fc28bb2a95fc92a1bc0e mnf8.2/SRPMS/glibc-2.2.4-26.2mdk.src.rpm
Corporate Server 2.1
25f6972b98c2c3f98ec692d349ecd126 corporate/2.1/RPMS/glibc-2.2.5-16.2mdk.i586.rpm 957aa41e1333507cc95d8dfd785766fd corporate/2.1/RPMS/glibc-devel-2.2.5-16.2mdk.i586.rpm 5f8ca9f4f827e1ea6058a95a50437d0c corporate/2.1/RPMS/glibc-doc-2.2.5-16.2mdk.i586.rpm 2d1a6513423f63002bd4b8fcf2fe8f08 corporate/2.1/RPMS/glibc-doc-pdf-2.2.5-16.2mdk.i586.rpm ae92a5bfdefd1d4dd709747edfc17341 corporate/2.1/RPMS/glibc-i18ndata-2.2.5-16.2mdk.i586.rpm b06b38b273c1224302e4fb527a5030c7 corporate/2.1/RPMS/glibc-profile-2.2.5-16.2mdk.i586.rpm 4643da8aa99102b284d4d38da392b42e corporate/2.1/RPMS/glibc-static-devel-2.2.5-16.2mdk.i586.rpm efad72ec8d4e803887f33520c2668055 corporate/2.1/RPMS/glibc-utils-2.2.5-16.2mdk.i586.rpm cc0bf7181b8e34d66c4894b1e0a980e8 corporate/2.1/RPMS/ldconfig-2.2.5-16.2mdk.i586.rpm 2d1f4ab36f4f6ff772e342c9486220ae corporate/2.1/RPMS/nscd-2.2.5-16.2mdk.i586.rpm b5fc67e8528cddb681e6e1efc489f19a corporate/2.1/RPMS/timezone-2.2.5-16.2mdk.i586.rpm 608409f53e07db8c6f8e7f83e60210a5 corporate/2.1/SRPMS/glibc-2.2.5-16.2mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.