Security Advisory Updated glibc packages fix vulnerabilities in resolver

Advisory: RHSA-2002:139-10
Type: Security Advisory
Severity: N/A
Issued on: 2002-07-11
Last updated on: 2002-07-22
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-0651
CVE-2002-0684

Details

Updated glibc packages are available to fix two vulnerabilities in the
resolver functions.

The glibc package contains standard libraries which are used by
multiple programs on the system.

A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the
"networks" database in /etc/nsswitch.conf includes the "dns" entry. By
default, Red Hat Linux ships with "networks" set to "files" and
is therefore not vulnerable to this issue. (CAN-2002-0684)

A second, related, issue is a bug in the glibc-compat packages, which
provide compatibility for applications compiled against glibc version
2.0.x. Applications compiled against this version (such as those
distributed with early Red Hat Linux releases 5.0, 5.1, and 5.2) could also
be vulnerable to this issue. (CAN-2002-0651)

These errata packages for Red Hat Linux 7.1 and 7.2 on the Itanium
architecture also include a fix for the strncpy implementation in some
boundary cases.

All users should upgrade to these errata packages which contain patches to
the glibc and glibc-compat libraries and therefore are not vulnerable to
these issues.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2
SRPMS:
glibc-2.1.3-24.src.rpm
File outdated by:  RHSA-2002:197		     9a3e1bff97d347d5d0eaa649285a29e7
 
Alpha:
glibc-2.1.3-24.alpha.rpm
File outdated by:  RHSA-2002:197		     2e3e177fe6e65d26cdbb96588a9a5d7c
glibc-devel-2.1.3-24.alpha.rpm
File outdated by:  RHSA-2002:197		     eeaabcca9198c433f2e5f4a3c37e9f94
glibc-profile-2.1.3-24.alpha.rpm
File outdated by:  RHSA-2002:197		     e471e5eaddb1096c9e0b6b43d2285e6b
nscd-2.1.3-24.alpha.rpm
File outdated by:  RHSA-2002:197		     0d3567e1ad976fb9968f066d76c1713c
 
IA-32:
glibc-2.1.3-24.i386.rpm
File outdated by:  RHSA-2003:089		     55c893993fd3101ce3c3847b03a3fbbe
glibc-devel-2.1.3-24.i386.rpm
File outdated by:  RHSA-2003:089		     f9484a4634fce16bed9cdaf098cf861f
glibc-profile-2.1.3-24.i386.rpm
File outdated by:  RHSA-2003:089		     aed4c48fbc415b8aefe2c20933bbf6b8
nscd-2.1.3-24.i386.rpm
File outdated by:  RHSA-2003:089		     07abd4e9d2181f8948af2fe76784b554
 
Sparc:
glibc-2.1.3-24.sparc.rpm
File outdated by:  RHSA-2002:197		     eb0c870314704ed3eb95961f4060cc7c
glibc-2.1.3-24.sparcv9.rpm
File outdated by:  RHSA-2002:197		     f60261b7b32f5a627267e06306af56f5
glibc-devel-2.1.3-24.sparc.rpm
File outdated by:  RHSA-2002:197		     01c54853ad6a5083bb23eda3d43b22a5
glibc-profile-2.1.3-24.sparc.rpm
File outdated by:  RHSA-2002:197		     e39a6b9420f251d11cad05032bf0275b
nscd-2.1.3-24.sparc.rpm
File outdated by:  RHSA-2002:197		     decd8617187517c68d7fa0d0438adf12
 
Red Hat Linux 7.0
SRPMS:
glibc-2.2.4-18.7.0.4.src.rpm
File outdated by:  RHSA-2003:089		     5b64505518a0dcc4d6b023f0c7af3960
 
Alpha:
glibc-2.2.4-18.7.0.4.alpha.rpm
File outdated by:  RHSA-2002:197		     10d795dcdfc8756f03219f116182d702
glibc-2.2.4-18.7.0.4.alphaev6.rpm
File outdated by:  RHSA-2002:197		     39dc3b3b9a963a3c7348a73c0a2ff7f8
glibc-common-2.2.4-18.7.0.4.alpha.rpm
File outdated by:  RHSA-2002:197		     90714b1817aa083dec2e57477043caf6
glibc-devel-2.2.4-18.7.0.4.alpha.rpm
File outdated by:  RHSA-2002:197		     0b61592283a9640030c127a5cd124336
glibc-profile-2.2.4-18.7.0.4.alpha.rpm
File outdated by:  RHSA-2002:197		     6e5da4f63088606f19777233d68ab296
nscd-2.2.4-18.7.0.4.alpha.rpm
File outdated by:  RHSA-2002:197		     739a998a00fc67c4e6a5170e55d17cb5
 
IA-32:
glibc-2.2.4-18.7.0.4.i386.rpm
File outdated by:  RHSA-2003:089		     321393b42a53d31f69b6eaffc9f2102a
glibc-2.2.4-18.7.0.4.i686.rpm
File outdated by:  RHSA-2003:089		     e35c630998bd879e88f1ab9bb9b74d72
glibc-common-2.2.4-18.7.0.4.i386.rpm
File outdated by:  RHSA-2003:089		     50afc752fff2c878011119e1b37e8571
glibc-devel-2.2.4-18.7.0.4.i386.rpm
File outdated by:  RHSA-2003:089		     78ab2c22d7b8612016a89907dcbd0d29
glibc-profile-2.2.4-18.7.0.4.i386.rpm
File outdated by:  RHSA-2003:089		     87d4668630cfd074fefd150475f1e5e5
nscd-2.2.4-18.7.0.4.i386.rpm
File outdated by:  RHSA-2003:089		     d513dc5efa2d875866ffbdd244a92a67
 
Red Hat Linux 7.1
SRPMS:
glibc-2.2.4-27.src.rpm
File outdated by:  RHSA-2003:325		     8b5c7cb9220631e68050637383b9c29d
 
Alpha:
glibc-2.2.4-27.alpha.rpm
File outdated by:  RHSA-2002:197		     d70b222f0e4a3ab20968857c68b683ce
glibc-2.2.4-27.alphaev6.rpm
File outdated by:  RHSA-2002:197		     de454e55e66522bd40739370092422ba
glibc-common-2.2.4-27.alpha.rpm
File outdated by:  RHSA-2002:197		     8bb579b8a232b90550291904d4078449
glibc-devel-2.2.4-27.alpha.rpm
File outdated by:  RHSA-2002:197		     5923ddfbc622ab02ef63a08607c32b00
glibc-profile-2.2.4-27.alpha.rpm
File outdated by:  RHSA-2002:197		     a2701ab8e56f3ed77d62d7de84dd7ce4
nscd-2.2.4-27.alpha.rpm
File outdated by:  RHSA-2002:197		     01be31be9c13facb3f88b3717c0e3319
 
IA-32:
glibc-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     eeafe747b480543489d3d91c496af3bc
glibc-2.2.4-27.i686.rpm
File outdated by:  RHSA-2003:325		     8c33fbd6a3a0e40c22e8892a624bd398
glibc-common-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     b75ad5323c294daf1dc53c8bd74bdae2
glibc-devel-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     75ddc348fa944e0df55bb8351a0988e3
glibc-profile-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     915abdc16175ec8ee07adbaf406b563d
nscd-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     8c4b8d913b56910d1eb043cd8fb7dadf
 
IA-64:
glibc-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2002:197		     c5a61c4a96e0c89cb94c5755b9d640df
glibc-common-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2002:197		     2753a1d09ef0294dd611283a6dc01279
glibc-devel-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2002:197		     175abe8553824db00c84fd7ba23150d6
glibc-profile-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2002:197		     f3774fb87287ad7cd9e083d062cda348
nscd-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2002:197		     7e7c12abfea5507a0a5cc8744072c747
 
Red Hat Linux 7.2
SRPMS:
glibc-2.2.4-27.src.rpm
File outdated by:  RHSA-2003:325		     8b5c7cb9220631e68050637383b9c29d
 
IA-32:
glibc-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     eeafe747b480543489d3d91c496af3bc
glibc-2.2.4-27.i686.rpm
File outdated by:  RHSA-2003:325		     8c33fbd6a3a0e40c22e8892a624bd398
glibc-common-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     b75ad5323c294daf1dc53c8bd74bdae2
glibc-devel-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     75ddc348fa944e0df55bb8351a0988e3
glibc-profile-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     915abdc16175ec8ee07adbaf406b563d
nscd-2.2.4-27.i386.rpm
File outdated by:  RHSA-2003:325		     8c4b8d913b56910d1eb043cd8fb7dadf
 
IA-64:
glibc-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2003:325		     c5a61c4a96e0c89cb94c5755b9d640df
glibc-common-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2003:325		     2753a1d09ef0294dd611283a6dc01279
glibc-devel-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2003:325		     175abe8553824db00c84fd7ba23150d6
glibc-profile-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2003:325		     f3774fb87287ad7cd9e083d062cda348
nscd-2.2.4-27.ia64.rpm
File outdated by:  RHSA-2003:325		     7e7c12abfea5507a0a5cc8744072c747
 
Red Hat Linux 7.3
SRPMS:
glibc-2.2.5-37.src.rpm
File outdated by:  RHSA-2003:325		     9c2d0f4717f4931ff3d233ef44cfa5b1
 
IA-32:
glibc-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     b3e14c27d1f337107662cffe8111ffb4
glibc-2.2.5-37.i686.rpm
File outdated by:  RHSA-2003:325		     854b21baba0b4b32963bc322fe59ffc2
glibc-common-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     318a0e614f31b4ea63ea122ffc9b0abc
glibc-debug-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     c11c152ffb7b98e3ada86ef89b21060b
glibc-debug-2.2.5-37.i686.rpm
File outdated by:  RHSA-2003:325		     0d488fae1d4248bbd1727c402143d5f6
glibc-debug-static-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     8f7403eb789e624a91a5728c752ffb7e
glibc-devel-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     1364e6e500af53789f94a845d7201745
glibc-profile-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     977f0364e31ef240375d5dc3abce27c9
glibc-utils-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     702c9e2f376d9d10829961b29d1e3fd3
nscd-2.2.5-37.i386.rpm
File outdated by:  RHSA-2003:325		     aa3e2f88f60ca8e8566d45a8e8bf6218
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0651
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0684
http://www.cert.org/advisories/CA-2002-19.html

Keywords

glibc, nsswitch, resolver, strncpy

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/