Updated glibc packages that fix a number of vulnerabilities are now available.
The glibc package contains standard libraries that are used by
multiple programs.
An integer overflow is present in the xdrmem_getbytes() function of glibc
2.3.1 and earlier. Depending upon the application, this vulnerability
could cause buffer overflows and may be exploitable, leading to arbitrary
code execution.
Red Hat would like to thank eEye Digital Security for alerting us to this
issue.
An error in the calculation of memory needed for unpacking arrays in the
XDR decoder in glibc 2.2.5 and earlier can result in a heap buffer
overflow. Depending upon the application, this vulnerability may be
exploitable and lead to arbitrary code execution.
A read buffer overflow vulnerability exists in the glibc resolver code in
versions of glibc up to and including 2.2.5. The vulnerability is triggered
by DNS packets larger than 1024 bytes and can cause applications to crash.
A buffer overflow vulnerability has been found in the way the glibc
resolver handles the resolution of network names and addresses via DNS (as
per Internet RFC 1011). Version 2.2.5 of glibc and earlier versions are
affected. A system would be vulnerable to this issue if the "networks"
database in /etc/nsswitch.conf includes the "dns" entry. By default, Red
Hat Linux ships with "networks" set to "files" and is therefore not
vulnerable to this issue. (CAN-2002-0684)
All users should upgrade to these errata packages, which contain patches to
the glibc libraries and are therefore not vulnerable to these issues.
NOTE: Once the glibc upgrade has been completed, you must either reboot the
system or restart all programs on the system (for example, by using telinit
1 and then switching back to the original runlevel). Rebooting the system
or restarting the system programs is necessary to avoid vulnerable glibc
copies in memory. In addition, one cannot mix old NSS modules or libresolv
with upgraded NSS modules or libresolv in one running application.
Note also that, if sshd is running so that the other services can be
restarted remotely or for a remote reboot during an unattended glibc
upgrade, glibc will also restart sshd.
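
The restart requirement in the NOTE above can be verified instead of assumed. The script below is an added example, not part of the Red Hat advisory: it lists processes that still map a glibc file that was replaced on disk. It assumes Linux /proc/<pid>/maps marks such mappings with "(deleted)"; the function names and the sample tree are constructed for illustration.

```shell
# Added example (not from the advisory). Assumes Linux /proc/<pid>/maps, where a
# mapping whose file was replaced on disk ends in " (deleted)".

# stale_glibc_maps FILE: print each distinct stale glibc library in a maps file.
stale_glibc_maps() {
    awk 'NF >= 7 && $NF == "(deleted)" {
        n = split($6, part, "/"); base = part[n]
        # libc, the dynamic loader, libresolv and the NSS modules
        if (base ~ /^(libc|ld(-linux[a-z0-9_-]*)?|libresolv|libnss_[a-z0-9_]+)[-.](so|[0-9])/ &&
            !($6 in seen)) { seen[$6] = 1; print $6 }
    }' "$1"
}

# scan_proc [ROOT]: print "pid<TAB>command<TAB>library" for each process under
# ROOT (default /proc) that still maps a replaced glibc file.
scan_proc() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        dir=${maps%/maps}; name=
        [ -r "$dir/cmdline" ] && name=$(tr '\0' ' ' < "$dir/cmdline" | cut -d' ' -f1)
        stale_glibc_maps "$maps" 2>/dev/null | while read -r lib; do
            printf '%s\t%s\t%s\n' "${dir##*/}" "${name:-?}" "$lib"
        done
    done
}

# make_sample DIR: constructed /proc-like tree (sample data, not a real host).
make_sample() {
    mkdir -p "$1/812" "$1/977"
    printf 'sshd\0-D\0' > "$1/812/cmdline"   # started before the upgrade
    printf 'crond\0' > "$1/977/cmdline"      # restarted after the upgrade
    cat > "$1/812/maps" <<'EOF'
08048000-080e0000 r-xp 00000000 03:02 4711   /usr/sbin/sshd
40000000-40013000 r-xp 00000000 03:02 1201   /lib/ld-2.2.4.so (deleted)
40100000-40228000 r-xp 00000000 03:02 1202   /lib/libc-2.2.4.so (deleted)
40228000-4022d000 rw-p 00127000 03:02 1202   /lib/libc-2.2.4.so (deleted)
40300000-40309000 r-xp 00000000 03:02 1210   /lib/libnss_files-2.2.4.so (deleted)
40400000-40401000 rw-s 00000000 03:02 5150   /tmp/scratch (deleted)
bfffe000-c0000000 rwxp 00000000 00:00 0
EOF
    cat > "$1/977/maps" <<'EOF'
08048000-0804e000 r-xp 00000000 03:02 4720   /usr/sbin/crond
40100000-40228000 r-xp 00000000 03:02 2302   /lib/libc-2.2.4.so
EOF
}

# Demo on the constructed tree; on a real host run: scan_proc /proc
tmp=$(mktemp -d) && make_sample "$tmp" && scan_proc "$tmp"; rm -rf "$tmp"
```

Run as root on a live system so that the maps files of other users' processes are readable; an empty result means no process is still holding a pre-upgrade copy of the listed libraries.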

Red Hat Linux 7.1 for iSeries

SRPMS:
| ftp://updates.redhat.com/7.1/en/os/iSeries/SRPMS/glibc-2.2.4-32.src.rpm | ecdba77a6d14da22cb177e0abf414a63 |

iSeries:
| ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/glibc-2.2.4-32.ppc.rpm | 1f4e27f797461c245a291effb234bd2c |
| ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/glibc-common-2.2.4-32.ppc.rpm | 7f0cae164a6d52aa666a803a62bb25ed |
| ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/glibc-devel-2.2.4-32.ppc.rpm | 7cb78e3e28221ac55c621e5371d37acd |
| ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/glibc-profile-2.2.4-32.ppc.rpm | 259acc92053940c18f94c391d5b8b17f |
| ftp://updates.redhat.com/7.1/en/os/iSeries/ppc/nscd-2.2.4-32.ppc.rpm | 57deb71d520279f517c0aad5f37adbdb |

Red Hat Linux 7.1 for pSeries

SRPMS:
| ftp://updates.redhat.com/7.1/en/os/pSeries/SRPMS/glibc-2.2.4-32.src.rpm | ecdba77a6d14da22cb177e0abf414a63 |

pSeries:
| ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/glibc-2.2.4-32.ppc.rpm | 1f4e27f797461c245a291effb234bd2c |
| ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/glibc-common-2.2.4-32.ppc.rpm | 7f0cae164a6d52aa666a803a62bb25ed |
| ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/glibc-devel-2.2.4-32.ppc.rpm | 7cb78e3e28221ac55c621e5371d37acd |
| ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/glibc-profile-2.2.4-32.ppc.rpm | 259acc92053940c18f94c391d5b8b17f |
| ftp://updates.redhat.com/7.1/en/os/pSeries/ppc/nscd-2.2.4-32.ppc.rpm | 57deb71d520279f517c0aad5f37adbdb |

buffer, DNS, glibc, integer, nsswitch, overflow, resolv, resolver, RPC, strncpy, sun, XDR