Advisories
Mandriva Advisories
|
 |
| Problem Description |
A bug was discovered in the getgrouplist function in glibc that can
cause a buffer overflow if the size of the group list is too small to
hold all the user's groups. This overflow can cause segementation
faults in various user applications, some of which may lead to
additional security problems. The problem can only be triggered if the
user is in a larger number of groups than expected by an application.
The provided packages are patched to address this issue.
| Updated Packages |
Mandrakelinux 9.0
e64b4f099e7cd715c5ff1fc895101821 9.0/RPMS/glibc-2.2.5-16.3.90mdk.i586.rpm 48a4f54fc49c39306a002633ae4495af 9.0/RPMS/glibc-devel-2.2.5-16.3.90mdk.i586.rpm 9db7115962de7c0680ce0de12ea1955c 9.0/RPMS/glibc-i18ndata-2.2.5-16.3.90mdk.i586.rpm c5fed843eb910c860e3af39e6583e3bb 9.0/RPMS/glibc-profile-2.2.5-16.3.90mdk.i586.rpm 2608fa069dfd563541f018742310d7b0 9.0/RPMS/glibc-static-devel-2.2.5-16.3.90mdk.i586.rpm 101574c95eeb7e8849f9ef0010afdec4 9.0/RPMS/glibc-utils-2.2.5-16.3.90mdk.i586.rpm 9c809b34abce979ef8cc2dea06a4b025 9.0/RPMS/ldconfig-2.2.5-16.3.90mdk.i586.rpm 2b04e51c90b79235ccfe673b123fbb9c 9.0/RPMS/nscd-2.2.5-16.3.90mdk.i586.rpm 386ac1d7f745c8deb1d3346cf86f7b51 9.0/RPMS/timezone-2.2.5-16.3.90mdk.i586.rpm 434a57fb27d0d12337bc579eaf89d1db 9.0/SRPMS/glibc-2.2.5-16.3.90mdk.src.rpm
Mandrakelinux 9.1
14b04c0c5abfcdeeb7ddcd99dff6f59c 9.1/RPMS/glibc-2.3.1-10.1.91mdk.i586.rpm db0399ed5e4e5932ccd68eb1d971e918 9.1/RPMS/glibc-debug-2.3.1-10.1.91mdk.i586.rpm 55e698783b2f00d56e74a6a0295ddc65 9.1/RPMS/glibc-devel-2.3.1-10.1.91mdk.i586.rpm 8d794fa39d989aff297eecddf8f3a89a 9.1/RPMS/glibc-i18ndata-2.3.1-10.1.91mdk.i586.rpm 28000c25d34f6b6136092840825009a8 9.1/RPMS/glibc-profile-2.3.1-10.1.91mdk.i586.rpm 2fd232922ed61aba14ca2da29948bfa5 9.1/RPMS/glibc-static-devel-2.3.1-10.1.91mdk.i586.rpm 93c16beb43e79147b89d89dc080dcc3c 9.1/RPMS/glibc-utils-2.3.1-10.1.91mdk.i586.rpm dde039c956d163bfd0d58729765acc0d 9.1/RPMS/ldconfig-2.3.1-10.1.91mdk.i586.rpm c4a00854f69004fdc8875ceae2a23cab 9.1/RPMS/nscd-2.3.1-10.1.91mdk.i586.rpm e8f5a1eddced3c8e63d2a00236468a0a 9.1/RPMS/timezone-2.3.1-10.1.91mdk.i586.rpm 6c7aa1aae0bc39f4211a3d0d1b9b79fa 9.1/SRPMS/glibc-2.3.1-10.1.91mdk.src.rpm
Mandrakelinux 9.1/PPC
bdacbfff4264a72f3106bd323597d668 ppc/9.1/RPMS/glibc-2.3.1-10.1.91mdk.ppc.rpm 1b3c15be2106be26ed3532a372f68e27 ppc/9.1/RPMS/glibc-debug-2.3.1-10.1.91mdk.ppc.rpm 5e08d596df7113323ae399c04328c091 ppc/9.1/RPMS/glibc-devel-2.3.1-10.1.91mdk.ppc.rpm 4a763d9d65729ae8523b3991561d8cdb ppc/9.1/RPMS/glibc-i18ndata-2.3.1-10.1.91mdk.ppc.rpm 5b856ef8b4e1fcba7b6ea4a04c158e87 ppc/9.1/RPMS/glibc-profile-2.3.1-10.1.91mdk.ppc.rpm 0f51825ee3c18bcb2feb3a8dd2739f46 ppc/9.1/RPMS/glibc-static-devel-2.3.1-10.1.91mdk.ppc.rpm 111efa86d73c156110a31eaa6bbe9f02 ppc/9.1/RPMS/glibc-utils-2.3.1-10.1.91mdk.ppc.rpm 0cfa1714f9ef4e1c62498d08ee5b3042 ppc/9.1/RPMS/ldconfig-2.3.1-10.1.91mdk.ppc.rpm c961c16bc6eef858083f6e42d5f875c1 ppc/9.1/RPMS/nscd-2.3.1-10.1.91mdk.ppc.rpm ea602b9406296fc2f198167924ab35cf ppc/9.1/RPMS/timezone-2.3.1-10.1.91mdk.ppc.rpm 6c7aa1aae0bc39f4211a3d0d1b9b79fa ppc/9.1/SRPMS/glibc-2.3.1-10.1.91mdk.src.rpm
Multi Network Firewall 8.2
058bc1cc39d9af370e6334de4d5ca892 mnf8.2/RPMS/glibc-2.2.4-26.3.M82mdk.i586.rpm b8feb768e9825ed998b46b90094543fd mnf8.2/RPMS/ldconfig-2.2.4-26.3.M82mdk.i586.rpm be3a063c275d0240395b433aef3a7ea4 mnf8.2/SRPMS/glibc-2.2.4-26.3.M82mdk.src.rpm
Corporate Server 2.1
a75afbeab6bb0af8312606a5206b649f corporate/2.1/RPMS/glibc-2.2.5-16.3.C21mdk.i586.rpm 0728825f51c3bbdd93c8f2573927c035 corporate/2.1/RPMS/glibc-devel-2.2.5-16.3.C21mdk.i586.rpm cb76d0a10f88a3194023065888e16a9e corporate/2.1/RPMS/glibc-i18ndata-2.2.5-16.3.C21mdk.i586.rpm 904f109cf66575c2eaa8e15a6f1ddee1 corporate/2.1/RPMS/glibc-profile-2.2.5-16.3.C21mdk.i586.rpm 007307c4d8a271f72a97fc97f7303ff5 corporate/2.1/RPMS/glibc-static-devel-2.2.5-16.3.C21mdk.i586.rpm 4c8a57e8fdc3acefb8daa6eeda23ba70 corporate/2.1/RPMS/glibc-utils-2.2.5-16.3.C21mdk.i586.rpm 76efd47f25ba60c9bbc567668a38e4ff corporate/2.1/RPMS/ldconfig-2.2.5-16.3.C21mdk.i586.rpm efd517e924eb066acd0856bb476f87af corporate/2.1/RPMS/nscd-2.2.5-16.3.C21mdk.i586.rpm 7c062ed74887835eba2f1a50a265b8c9 corporate/2.1/RPMS/timezone-2.2.5-16.3.C21mdk.i586.rpm 61f2d1b5fe0bc03cb0af9ef086c667bb corporate/2.1/SRPMS/glibc-2.2.5-16.3.C21mdk.src.rpm
Corporate Server 2.1/X86_64
5aae39182bab1d726180953a7cd8d792 x86_64/corporate/2.1/RPMS/glibc-2.2.5-28.1.C21mdk.x86_64.rpm d3486ac35ba3d078e737be31113475f0 x86_64/corporate/2.1/RPMS/glibc-debug-2.2.5-28.1.C21mdk.x86_64.rpm 939043df28c991d7b37b33fef3d0feb2 x86_64/corporate/2.1/RPMS/glibc-devel-2.2.5-28.1.C21mdk.x86_64.rpm c1b184cb452e4d60f268a4fc5f48e174 x86_64/corporate/2.1/RPMS/glibc-i18ndata-2.2.5-28.1.C21mdk.x86_64.rpm f2777101e2778fe7de39673220d7a069 x86_64/corporate/2.1/RPMS/glibc-profile-2.2.5-28.1.C21mdk.x86_64.rpm b2d191df43537f5f8e2e100b1de072ed x86_64/corporate/2.1/RPMS/glibc-static-devel-2.2.5-28.1.C21mdk.x86_64.rpm 083d9e44ce870e0d0ba2cea4c67963ec x86_64/corporate/2.1/RPMS/glibc-utils-2.2.5-28.1.C21mdk.x86_64.rpm 0e6f3655b336442eb80847d1e2be858a x86_64/corporate/2.1/RPMS/ldconfig-2.2.5-28.1.C21mdk.x86_64.rpm 059c6093ad5916e48a8786211a7ece0a x86_64/corporate/2.1/RPMS/nscd-2.2.5-28.1.C21mdk.x86_64.rpm e0a23600cbd0ceb7a44fd4e275b4f454 x86_64/corporate/2.1/RPMS/timezone-2.2.5-28.1.C21mdk.x86_64.rpm c4de027516cfb1c943656f3876c89c44 x86_64/corporate/2.1/SRPMS/glibc-2.2.5-28.1.C21mdk.src.rpm
| References |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689
| Upgrade |
To upgrade automatically, use MandrivaUpdate.
| Verification |
Please verify the update prior to upgrading to ensure the integrity of the downloaded package. You can do this with the command :
rpm --checksig package.rpm
You can get the GPG public key of the Mandriva Security Team to verify the GPG signature of each RPM.
If you use MandrivaUpdate, the verification of md5 checksum and GPG signature is performed automatically for you.