Mailinglist Archive: opensuse-updates (48 mails)

< Previous Next >
openSUSE-SU-2010:0913-1 (important): glibc: Security update to fix various security problems and bugs
  • From: opensuse-security@xxxxxxxxxxxx
  • Date: Thu, 28 Oct 2010 02:08:09 +0200 (CEST)
  • Message-id: <20101028000809.A340EBE4E@xxxxxxxxxxxxxx>
openSUSE Security Update: glibc: Security update to fix various security
problems and bugs
______________________________________________________________________________

Announcement ID: openSUSE-SU-2010:0913-1
Rating: important
References: #375315 #572188 #592941 #594263 #646960
Cross-References: CVE-2008-1391 CVE-2010-0296 CVE-2010-0830
CVE-2010-3847 CVE-2010-3856
Affected Products:
openSUSE 11.2
______________________________________________________________________________

An update that fixes 5 vulnerabilities is now available.

Description:

This update of glibc fixes various bugs and security issues:

CVE-2010-3847: Decoding of the $ORIGIN special value in
various LD_ environment variables allowed local attackers
to execute code in context of e.g. setuid root programs,
elevating privileges. This issue does not affect SUSE as
an assertion triggers before the respective code is
executed. The bug was fixed nevertheless.

CVE-2010-3856: The LD_AUDIT environment was not pruned
during setuid root execution and could load shared
libraries from standard system library paths. This could be
used by local attackers to inject code into setuid root
programs and so elevated privileges.

CVE-2010-0830: Integer overflow causing arbitrary code
execution in ld.so
--verify mode could be induced by a specially crafted
binary.

CVE-2010-0296: The addmntent() function would not escape
the newline character properly, allowing the user to insert
arbitrary newlines to the /etc/mtab; if the addmntent() is
run by a setuid mount binary that does not do extra input
checking, this would allow custom entries to be inserted in
/etc/mtab.

CVE-2008-1391: The strfmon() function contains an integer
overflow vulnerability in width specifiers handling that
could be triggered by an attacker that can control the
format string passed to strfmon().


Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE 11.2:

zypper in -t patch glibc-3400

To bring your system up-to-date, use "zypper patch".


Package List:

- openSUSE 11.2 (i586 i686 x86_64):

glibc-2.10.1-10.9.1
glibc-devel-2.10.1-10.9.1

- openSUSE 11.2 (i586 x86_64):

glibc-html-2.10.1-10.9.1
glibc-i18ndata-2.10.1-10.9.1
glibc-info-2.10.1-10.9.1
glibc-locale-2.10.1-10.9.1
glibc-obsolete-2.10.1-10.9.1
glibc-profile-2.10.1-10.9.1
nscd-2.10.1-10.9.1

- openSUSE 11.2 (x86_64):

glibc-32bit-2.10.1-10.9.1
glibc-devel-32bit-2.10.1-10.9.1
glibc-locale-32bit-2.10.1-10.9.1
glibc-profile-32bit-2.10.1-10.9.1


References:

http://support.novell.com/security/cve/CVE-2008-1391.html
http://support.novell.com/security/cve/CVE-2010-0296.html
http://support.novell.com/security/cve/CVE-2010-0830.html
http://support.novell.com/security/cve/CVE-2010-3847.html
http://support.novell.com/security/cve/CVE-2010-3856.html
https://bugzilla.novell.com/375315
https://bugzilla.novell.com/572188
https://bugzilla.novell.com/592941
https://bugzilla.novell.com/594263
https://bugzilla.novell.com/646960


< Previous Next >
This Thread
  • No further messages