[Full-Disclosure] [RHSA-2002:197-06] Updated glibc packages fix vulnerabilities in resolver

From: bugzillaat_private
Date: Thu Oct 03 2002 - 23:23:18 PDT

    ---------------------------------------------------------------------
                       Red Hat, Inc. Red Hat Security Advisory
    
    Synopsis:          Updated glibc packages fix vulnerabilities in resolver
    Advisory ID:       RHSA-2002:197-06
    Issue date:        2002-09-10
    Updated on:        2002-10-03
    Product:           Red Hat Linux
    Keywords:          glibc resolv DNS
    Cross references:  
    Obsoletes:         RHSA-2002:166-07
    CVE Names:         CAN-2002-1146
    ---------------------------------------------------------------------
    
    1. Topic:
    
    Updated glibc packages are available to fix a buffer overflow in the
    resolver.
    
    2. Relevant releases/architectures:
    
    Red Hat Linux 6.2 - alpha, i386, sparc, sparcv9
    Red Hat Linux 7.0 - alpha, alphaev6, i386, i686
    Red Hat Linux 7.1 - alpha, alphaev6, i386, i686, ia64
    Red Hat Linux 7.2 - i386, i686, ia64
    Red Hat Linux 7.3 - i386, i686
    
    3. Problem description:
    
    The GNU C library package, glibc, contains standard libraries which are
    used by multiple programs on the system.
    
    A read buffer overflow vulnerability exists in the glibc resolver code in
    versions of glibc up to and including 2.2.5.  The vulnerability is
    triggered by DNS packets larger than 1024 bytes and can cause applications
    to crash.
    
    All Red Hat Linux users are advised to upgrade to these errata packages
    which contain a patch to correct this vulnerability.
    
    4. Solution:
    
    Before applying this update, make sure all previously released errata
    relevant to your system have been applied.
    
    To update all RPMs for your particular architecture, run:
    
    rpm -Fvh [filenames]
    
    where [filenames] is a list of the RPMs you wish to upgrade.  Only those
    RPMs which are currently installed will be updated.  Those RPMs which are
    not installed but included in the list will not be updated.  Note that you
    can also use wildcards (*.rpm) if your current directory *only* contains the
    desired RPMs.
    
    Please note that this update is also available via Red Hat Network.  Many
    people find this an easier way to apply updates.  To use Red Hat Network,
    launch the Red Hat Update Agent with the following command:
    
    up2date
    
    This will start an interactive process that will result in the appropriate
    RPMs being upgraded on your system.
    
    5. RPMs required:
    
    Red Hat Linux 6.2:
    
    SRPMS:
    ftp://updates.redhat.com/6.2/en/os/SRPMS/glibc-2.1.3-27.src.rpm
    
    alpha:
    ftp://updates.redhat.com/6.2/en/os/alpha/glibc-2.1.3-27.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/glibc-devel-2.1.3-27.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/glibc-profile-2.1.3-27.alpha.rpm
    ftp://updates.redhat.com/6.2/en/os/alpha/nscd-2.1.3-27.alpha.rpm
    
    i386:
    ftp://updates.redhat.com/6.2/en/os/i386/glibc-2.1.3-27.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/glibc-devel-2.1.3-27.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/glibc-profile-2.1.3-27.i386.rpm
    ftp://updates.redhat.com/6.2/en/os/i386/nscd-2.1.3-27.i386.rpm
    
    sparc:
    ftp://updates.redhat.com/6.2/en/os/sparc/glibc-2.1.3-27.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/glibc-devel-2.1.3-27.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/glibc-profile-2.1.3-27.sparc.rpm
    ftp://updates.redhat.com/6.2/en/os/sparc/nscd-2.1.3-27.sparc.rpm
    
    sparcv9:
    ftp://updates.redhat.com/6.2/en/os/sparcv9/glibc-2.1.3-27.sparcv9.rpm
    
    Red Hat Linux 7.0:
    
    SRPMS:
    ftp://updates.redhat.com/7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.7.src.rpm
    
    alpha:
    ftp://updates.redhat.com/7.0/en/os/alpha/glibc-2.2.4-18.7.0.7.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/glibc-common-2.2.4-18.7.0.7.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/glibc-devel-2.2.4-18.7.0.7.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/glibc-profile-2.2.4-18.7.0.7.alpha.rpm
    ftp://updates.redhat.com/7.0/en/os/alpha/nscd-2.2.4-18.7.0.7.alpha.rpm
    
    alphaev6:
    ftp://updates.redhat.com/7.0/en/os/alphaev6/glibc-2.2.4-18.7.0.7.alphaev6.rpm
    
    i386:
    ftp://updates.redhat.com/7.0/en/os/i386/glibc-2.2.4-18.7.0.7.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/glibc-common-2.2.4-18.7.0.7.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/glibc-devel-2.2.4-18.7.0.7.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/glibc-profile-2.2.4-18.7.0.7.i386.rpm
    ftp://updates.redhat.com/7.0/en/os/i386/nscd-2.2.4-18.7.0.7.i386.rpm
    
    i686:
    ftp://updates.redhat.com/7.0/en/os/i686/glibc-2.2.4-18.7.0.7.i686.rpm
    
    Red Hat Linux 7.1:
    
    SRPMS:
    ftp://updates.redhat.com/7.1/en/os/SRPMS/glibc-2.2.4-30.src.rpm
    
    alpha:
    ftp://updates.redhat.com/7.1/en/os/alpha/glibc-2.2.4-30.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/glibc-common-2.2.4-30.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/glibc-devel-2.2.4-30.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/glibc-profile-2.2.4-30.alpha.rpm
    ftp://updates.redhat.com/7.1/en/os/alpha/nscd-2.2.4-30.alpha.rpm
    
    alphaev6:
    ftp://updates.redhat.com/7.1/en/os/alphaev6/glibc-2.2.4-30.alphaev6.rpm
    
    i386:
    ftp://updates.redhat.com/7.1/en/os/i386/glibc-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/glibc-common-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/glibc-devel-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/glibc-profile-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.1/en/os/i386/nscd-2.2.4-30.i386.rpm
    
    i686:
    ftp://updates.redhat.com/7.1/en/os/i686/glibc-2.2.4-30.i686.rpm
    
    ia64:
    ftp://updates.redhat.com/7.1/en/os/ia64/glibc-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/glibc-common-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/glibc-devel-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/glibc-profile-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.1/en/os/ia64/nscd-2.2.4-30.ia64.rpm
    
    Red Hat Linux 7.2:
    
    SRPMS:
    ftp://updates.redhat.com/7.2/en/os/SRPMS/glibc-2.2.4-30.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.2/en/os/i386/glibc-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/glibc-common-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/glibc-devel-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/glibc-profile-2.2.4-30.i386.rpm
    ftp://updates.redhat.com/7.2/en/os/i386/nscd-2.2.4-30.i386.rpm
    
    i686:
    ftp://updates.redhat.com/7.2/en/os/i686/glibc-2.2.4-30.i686.rpm
    
    ia64:
    ftp://updates.redhat.com/7.2/en/os/ia64/glibc-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/glibc-common-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/glibc-devel-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/glibc-profile-2.2.4-30.ia64.rpm
    ftp://updates.redhat.com/7.2/en/os/ia64/nscd-2.2.4-30.ia64.rpm
    
    Red Hat Linux 7.3:
    
    SRPMS:
    ftp://updates.redhat.com/7.3/en/os/SRPMS/glibc-2.2.5-40.src.rpm
    
    i386:
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-common-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-debug-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-debug-static-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-devel-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-profile-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/glibc-utils-2.2.5-40.i386.rpm
    ftp://updates.redhat.com/7.3/en/os/i386/nscd-2.2.5-40.i386.rpm
    
    i686:
    ftp://updates.redhat.com/7.3/en/os/i686/glibc-2.2.5-40.i686.rpm
    ftp://updates.redhat.com/7.3/en/os/i686/glibc-debug-2.2.5-40.i686.rpm
    
    
    
    6. Verification:
    
    These packages are GPG signed by Red Hat, Inc. for security.  Our key
    is available at:
        http://www.redhat.com/about/contact/pgpkey.html
    
    You can verify each package with the following command:
        rpm --checksig  <filename>
    
    If you only wish to verify that each package has not been corrupted or
    tampered with, examine only the md5sum with the following command:
        rpm --checksig --nogpg <filename>
    
    
    7. References:
    
    http://www.kb.cert.org/vuls/id/738331
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
    
    
    Copyright(c) 2000, 2001, 2002 Red Hat, Inc.
    
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
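
The bug class from section 3 of the advisory, as an added C illustration that is not part of the advisory and not glibc's code. It assumes the over-read arises when a caller parses up to the response length the resolver reports rather than the size of its fixed 1024-byte answer buffer; all function names and the sample response are constructed for this example.

```c
#include <stdint.h>
#include <string.h>
#define ANSWER_BUF 1024  /* fixed answer buffer; size assumed from the advisory's threshold */
#define DNS_HDR    12    /* DNS header length (RFC 1035) */

/* Skip one encoded name; NULL if it would run past `end`. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *end)
{
    while (p < end) {
        uint8_t len = *p;
        if (len == 0) return p + 1;                          /* root label ends the name */
        if ((len & 0xC0) == 0xC0) return (end - p >= 2) ? p + 2 : NULL;  /* pointer */
        if ((len & 0xC0) || end - p < len + 1) return NULL;  /* bad or cut-off label */
        p += len + 1;
    }
    return NULL;
}

/* Count answers lying wholly inside the stored bytes; reported_len may exceed capacity. */
int parsable_answers(const uint8_t *buf, size_t capacity, int reported_len)
{
    if (reported_len < DNS_HDR || capacity < DNS_HDR) return -1;
    size_t n = (size_t)reported_len > capacity ? capacity : (size_t)reported_len;
    const uint8_t *p = buf + DNS_HDR, *end = buf + n;        /* end never passes buf */
    unsigned qd = (buf[4] << 8) | buf[5], an = (buf[6] << 8) | buf[7];
    int ok = 0;
    for (; qd; qd--, p += 4)                                 /* name + QTYPE + QCLASS */
        if (!(p = skip_name(p, end)) || end - p < 4) return -1;
    while (an--) {                                           /* name + 10 bytes + RDATA */
        if (!(p = skip_name(p, end)) || end - p < 10) break;
        size_t rdlen = (size_t)((p[8] << 8) | p[9]);
        if ((size_t)(end - p) - 10 < rdlen) break;           /* RDATA cut off by buffer */
        p += 10 + rdlen;
        ok++;
    }
    return ok;
}

/* Constructed sample: 2139-byte response, 10 TXT answers; only ANSWER_BUF bytes are stored. */
int demo_truncated_response(void)
{
    static uint8_t wire[19 + 10 * 212], buf[ANSWER_BUF];
    const uint8_t rec[212] = {0xC0,0x0C, 0,16, 0,1, 0,0,0,60, 0,200};
    const uint8_t hdr_q[19] = {0x12,0x34, 0x81,0x80, 0,1, 0,10, 0,0, 0,0, 1,'a',0, 0,16, 0,1};
    memcpy(wire, hdr_q, sizeof hdr_q);
    for (size_t off = sizeof hdr_q; off < sizeof wire; off += sizeof rec)
        memcpy(wire + off, rec, sizeof rec);
    memcpy(buf, wire, sizeof buf);
    return parsable_answers(buf, sizeof buf, (int)sizeof wire);
}
```

With the clamp in place, the fifth record, whose RDATA straddles the end of the buffer, is rejected instead of being read past the 1024-byte boundary.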
    


