Immunix Secured OS 7+ glibc update

From: Immunix Security Team (securityat_private)
Date: Tue Apr 15 2003 - 11:36:28 PDT

Next message: Massimo Cereda: "Re: ActivCard password cache memory leakage"

Previous message: CORE Security Technologies Advisories: "[VulnWatch] CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

-----------------------------------------------------------------------
	Immunix Secured OS Security Advisory

Packages updated:	glibc
Affected products:	ImmunixOS 7+
Bugs fixed:		CAN-2003-0028
Date:			Mon Apr 14 2003
Advisory ID:		IMNX-2003-7+-009-01
Author:			Seth Arnold <sarnoldat_private>
-----------------------------------------------------------------------

Description:
  Researchers at eEye Digital Security have found integer overflow flaws
  in the XDR library typically used with Sun RPC. While there are no known
  exploits for this problem circulating, we recommend upgrading as soon as
  possible, as it is unlikely StackGuard will prevent exploitation of this
  flaw. Upgrading is especially important for sites using RPC services.

  References: http://www.cert.org/advisories/CA-2003-10.html
  http://www.eeye.com/html/Research/Advisories/AD20030318.html

Package names and locations:
  Precompiled binary packages for Immunix 7+ are available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-common-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-devel-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-profile-2.2-12_imnx_28.i386.rpm
  http://download.immunix.org/ImmunixOS/7+/Updates/RPMS/glibc-sdprofiles-2.2-12_imnx_28.i386.rpm
  The source package for Immunix 7+ is available at:
  http://download.immunix.org/ImmunixOS/7+/Updates/SRPMS/glibc-2.2-12_imnx_28.src.rpm

Immunix OS 7+ md5sums:
  0dff3f2fafc441fc0c94da7b60b050be  RPMS/glibc-2.2-12_imnx_28.i386.rpm
  657e14a849c160bea757f4d47b24627d  RPMS/glibc-common-2.2-12_imnx_28.i386.rpm
  e9a36be54e427765d50bdf7a36bf99d6  RPMS/glibc-devel-2.2-12_imnx_28.i386.rpm
  505ae15b380fe3c2fdcbbfedcaa27396  RPMS/glibc-profile-2.2-12_imnx_28.i386.rpm
  f2078e9d89742ab5491264b2547ce98d  RPMS/glibc-sdprofiles-2.2-12_imnx_28.i386.rpm
  d30f2a075136972a8d6712a0c032dd18  RPMS/nscd-2.2-12_imnx_28.i386.rpm
  8c58b736eb08b260cb2a231a6affa36b  SRPMS/glibc-2.2-12_imnx_28.src.rpm

GPG verification:                                                               
  Our public key is available at <http://wirex.com/security/GPG_KEY>.           

NOTE:
  Ibiblio is graciously mirroring our updates, so if the links above are
  slow, please try:
    ftp://ftp.ibiblio.org/pub/Linux/distributions/immunix/
  or one of the many mirrors available at:
    http://www.ibiblio.org/pub/Linux/MIRRORS.html

  ImmunixOS 6.2 is no longer officially supported.
  ImmunixOS 7.0 is no longer officially supported.

Contact information:
  To report vulnerabilities, please contact securityat_private WireX 
  attempts to conform to the RFP vulnerability disclosure protocol
  <http://www.wiretrip.net/rfp/policy.html>.

application/pgp-signature attachment: stored

Next message: Massimo Cereda: "Re: ActivCard password cache memory leakage"
Previous message: CORE Security Technologies Advisories: "[VulnWatch] CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue Apr 15 2003 - 12:59:32 PDT