Security Advisory Updated glibc packages fix vulnerabilities in RPC XDR decoder

Advisory: RHSA-2002:166-07
Type: Security Advisory
Severity: N/A
Issued on: 2002-08-01
Last updated on: 2002-08-12
Affected Products: Red Hat Linux 6.2
Red Hat Linux 7.0
Red Hat Linux 7.1
Red Hat Linux 7.2
Red Hat Linux 7.3
OVAL: N/A
CVEs (cve.mitre.org): CVE-2002-0391

Details

Updated glibc packages are available to fix a buffer overflow in the XDR
decoder.

The glibc package contains standard libraries which are used by
multiple programs on the system. Sun RPC is a remote procedure call
framework which allows clients to invoke procedures in a server process
over a network. XDR is a mechanism for encoding data structures for use
with RPC. NFS, NIS, and many other network services are built upon Sun
RPC. glibc contains an XDR encoder/decoder derived from Sun's RPC
implementation which was recently demonstrated to be vulnerable to a heap
overflow.

An error in the calculation of memory needed for unpacking arrays in the
XDR decoder in glibc 2.2.5 and earlier can result in a heap buffer
overflow. Depending upon the application, this vulnerability may be
exploitable and lead to arbitrary code execution.

All users should upgrade to these errata packages which contain patches to
the glibc libraries and therefore are not vulnerable to these issues.

Thanks to Solar Designer for providing patches for this issue


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

Updated packages

Red Hat Linux 6.2
SRPMS:
glibc-2.1.3-26.src.rpm
File outdated by:  RHSA-2002:197		     902fde40eb756d84154ab7e20627278d
 
Alpha:
glibc-2.1.3-26.alpha.rpm
File outdated by:  RHSA-2002:197		     4c1a1334bb64e0b8ff8ee98ef437f3fb
glibc-devel-2.1.3-26.alpha.rpm
File outdated by:  RHSA-2002:197		     27a6555f8ea06873f93ffef4cc38078d
glibc-profile-2.1.3-26.alpha.rpm
File outdated by:  RHSA-2002:197		     50230bbda0951a6f221e08a4107fd69c
nscd-2.1.3-26.alpha.rpm
File outdated by:  RHSA-2002:197		     85dc4eddd46e8325901d3f971051184b
 
IA-32:
glibc-2.1.3-26.i386.rpm
File outdated by:  RHSA-2003:089		     99c1a729ffb9ce3b317754efa6534cf2
glibc-devel-2.1.3-26.i386.rpm
File outdated by:  RHSA-2003:089		     f10040cfae13b8c484353953a6fbd3d4
glibc-profile-2.1.3-26.i386.rpm
File outdated by:  RHSA-2003:089		     47b9d894586152080d4cb4ca235ac59b
nscd-2.1.3-26.i386.rpm
File outdated by:  RHSA-2003:089		     b4e147b72613425bb3913ab500804ffb
 
Sparc:
glibc-2.1.3-26.sparc.rpm
File outdated by:  RHSA-2002:197		     ae42b1cdb4eec6c9b06e1cd9126c3d6c
glibc-2.1.3-26.sparcv9.rpm
File outdated by:  RHSA-2002:197		     15164392fd5206f9d431757e56952949
glibc-devel-2.1.3-26.sparc.rpm
File outdated by:  RHSA-2002:197		     589d5f111617b191d18313c16d8b2476
glibc-profile-2.1.3-26.sparc.rpm
File outdated by:  RHSA-2002:197		     198367455fcc4e60ee01267e8804c66f
nscd-2.1.3-26.sparc.rpm
File outdated by:  RHSA-2002:197		     a4fb24a2479c8359a589f81cd69977c8
 
Red Hat Linux 7.0
SRPMS:
ftp://updates.redhat.com/7.0/en/os/SRPMS/glibc-2.2.4-18.7.0.6.src.rpm
Missing file		     dda9b8c1513a0d8c028145d4807cf060
 
Alpha:
glibc-2.2.4-18.7.0.6.alpha.rpm
File outdated by:  RHSA-2002:197		     ea0970bfb37241810aa67aaf67619f65
glibc-2.2.4-18.7.0.6.alphaev6.rpm
File outdated by:  RHSA-2002:197		     5461890fabd2da122193c270a8ac4d59
glibc-common-2.2.4-18.7.0.6.alpha.rpm
File outdated by:  RHSA-2002:197		     ebbfecb12072364cec91e3f2a5f40eab
glibc-devel-2.2.4-18.7.0.6.alpha.rpm
File outdated by:  RHSA-2002:197		     dcec7d9ecfc495b10df9cec032b8cd00
glibc-profile-2.2.4-18.7.0.6.alpha.rpm
File outdated by:  RHSA-2002:197		     9d859fff6feb3647bd7646c0830ae889
nscd-2.2.4-18.7.0.6.alpha.rpm
File outdated by:  RHSA-2002:197		     15c5c4d3e673e85348a1dc888f3ed51d
 
IA-32:
glibc-2.2.4-18.7.0.6.i386.rpm
File outdated by:  RHSA-2003:089		     05699af0cc5f2b22ae9047b9cab3162a
glibc-2.2.4-18.7.0.6.i686.rpm
File outdated by:  RHSA-2003:089		     f34fc0d1eda45d6eeaa4f4ef4a473b62
glibc-common-2.2.4-18.7.0.6.i386.rpm
File outdated by:  RHSA-2003:089		     34d43767ba3af94e3fbd1c54b04e7cbc
glibc-devel-2.2.4-18.7.0.6.i386.rpm
File outdated by:  RHSA-2003:089		     9f446d3c5f901da653b20db9535b6629
glibc-profile-2.2.4-18.7.0.6.i386.rpm
File outdated by:  RHSA-2003:089		     f73d5c9afe51df1c2bb16073b4894d93
nscd-2.2.4-18.7.0.6.i386.rpm
File outdated by:  RHSA-2003:089		     7a729f073702e0b7f09177b6883f2153
 
Red Hat Linux 7.1
SRPMS:
glibc-2.2.4-29.src.rpm
File outdated by:  RHSA-2003:325		     54a0f0ab5858fc4a2c3aa8ede75cfd2b
 
Alpha:
glibc-2.2.4-29.alpha.rpm
File outdated by:  RHSA-2002:197		     78f97e6419fa24beeecd0d035c951c8c
glibc-2.2.4-29.alphaev6.rpm
File outdated by:  RHSA-2002:197		     9265cf46c9c5ac1245e8c89530dcb943
glibc-common-2.2.4-29.alpha.rpm
File outdated by:  RHSA-2002:197		     157ff2a64d725590bb0f489227cb59e0
glibc-devel-2.2.4-29.alpha.rpm
File outdated by:  RHSA-2002:197		     9306da2d1bf0fa9387b253f9bed84f55
glibc-profile-2.2.4-29.alpha.rpm
File outdated by:  RHSA-2002:197		     c9a97967eb783ded680e93c9e5481cef
nscd-2.2.4-29.alpha.rpm
File outdated by:  RHSA-2002:197		     bb589a903f6660094f869d68d4cb8e84
 
IA-32:
glibc-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     f3d389a4ca38cb96d4a3f7e37c405741
glibc-2.2.4-29.i686.rpm
File outdated by:  RHSA-2003:325		     5b8d21ae3fb3d46c8f90a2db557c2e52
glibc-common-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     76d59b340658260e4e1a8d1ce057b8b7
glibc-devel-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     27ac76715305a224aff00b828f514048
glibc-profile-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     36f4838eb0b0e604207d72b931e6d704
nscd-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     eb564de42736b1c9f67e51616e57371f
 
IA-64:
glibc-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2002:197		     08ea8d99e1ac9dc564b43f97796f7aba
glibc-common-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2002:197		     fbb8f1131f892fbb25b173a19237698c
glibc-devel-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2002:197		     9b682a108f0cde4c20fe41b90a82f122
glibc-profile-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2002:197		     471b7a20e567eec15bd46c058a637e98
nscd-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2002:197		     db4bb2ce6b3d210b66b2899b9807d7ec
 
Red Hat Linux 7.2
SRPMS:
glibc-2.2.4-29.src.rpm
File outdated by:  RHSA-2003:325		     54a0f0ab5858fc4a2c3aa8ede75cfd2b
 
IA-32:
glibc-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     f3d389a4ca38cb96d4a3f7e37c405741
glibc-2.2.4-29.i686.rpm
File outdated by:  RHSA-2003:325		     5b8d21ae3fb3d46c8f90a2db557c2e52
glibc-common-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     76d59b340658260e4e1a8d1ce057b8b7
glibc-devel-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     27ac76715305a224aff00b828f514048
glibc-profile-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     36f4838eb0b0e604207d72b931e6d704
nscd-2.2.4-29.i386.rpm
File outdated by:  RHSA-2003:325		     eb564de42736b1c9f67e51616e57371f
 
IA-64:
glibc-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2003:325		     08ea8d99e1ac9dc564b43f97796f7aba
glibc-common-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2003:325		     fbb8f1131f892fbb25b173a19237698c
glibc-devel-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2003:325		     9b682a108f0cde4c20fe41b90a82f122
glibc-profile-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2003:325		     471b7a20e567eec15bd46c058a637e98
nscd-2.2.4-29.ia64.rpm
File outdated by:  RHSA-2003:325		     db4bb2ce6b3d210b66b2899b9807d7ec
 
Red Hat Linux 7.3
SRPMS:
glibc-2.2.5-39.src.rpm
File outdated by:  RHSA-2003:325		     b6a08de99a9a584962cb49efe831df02
 
IA-32:
glibc-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     2025431dfbb109c0b0c50d825f7fee27
glibc-2.2.5-39.i686.rpm
File outdated by:  RHSA-2003:325		     04475ca3f7e3d715bbadba4be684adae
glibc-common-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     a8c38b4ee8b84964a636d3989f9e10bb
glibc-debug-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     bad388217f5aa3528892f7690a9655b9
glibc-debug-2.2.5-39.i686.rpm
File outdated by:  RHSA-2003:325		     de47bae77ce5763fe0a40d63957abc27
glibc-debug-static-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     68ebf1bb3a7993e92aedfea151ef14be
glibc-devel-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     d2721bfd9582422283671a10c13f3bd6
glibc-profile-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     e5416c72ed687a9c96d6115c7543477f
glibc-utils-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     f53f1577950d5a9571f63af65f2b0ee9
nscd-2.2.5-39.i386.rpm
File outdated by:  RHSA-2003:325		     19b9bb5182518d3bcf9ba8d2a8ee6421
 

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0391
http://online.securityfocus.com/archive/1/285308

Keywords

buffer, overflow, RPC, sun, XDR

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/