Skip to navigation

Security Advisory glibc security update

Advisory: RHSA-2003:334-06
Type: Security Advisory
Severity: Low
Issued on: 2003-11-07
Last updated on: 2003-11-13
Affected Products: Red Hat Enterprise Linux AS (v. 3)
Red Hat Enterprise Linux ES (v. 3)
Red Hat Enterprise Linux WS (v. 3)
CVEs (cve.mitre.org): CVE-2003-0859

Details

Updated glibc packages that resolve a vulnerability and address several bugs
are now available.

The glibc packages contain GNU libc, which provides standard system libraries.

Herbert Xu reported that various applications can accept spoofed messages
sent on the kernel netlink interface by other users on the local machine.
This could lead to a local denial of service attack. The glibc function
getifaddrs uses netlink and could therefore be vulnerable to this issue.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0859 to this issue.

In addition to the security issues, a number of other bugs were fixed.

Users are advised to upgrade to these erratum packages, which contain a
patch that checks that netlink messages actually came from the kernel
and patches for the various bug fixes.


Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

To update all RPMs for your particular architecture, run:

rpm -Fvh [filenames]

where [filenames] is a list of the RPMs you wish to upgrade. Only those
RPMs which are currently installed will be updated. Those RPMs which are
not installed but included in the list will not be updated. Note that you
can also use wildcards (*.rpm) if your current directory *only* contains the
desired RPMs.

Please note that this update is also available via Red Hat Network. Many
people find this an easier way to apply updates. To use Red Hat Network,
launch the Red Hat Update Agent with the following command:

up2date

This will start an interactive process that will result in the appropriate
RPMs being upgraded on your system.

If up2date fails to connect to Red Hat Network due to SSL
Certificate Errors, you need to install a version of the
up2date client with an updated certificate. The latest version of
up2date is available from the Red Hat FTP site and may also be
downloaded directly from the RHN website:

https://rhn.redhat.com/help/latest-up2date.pxt

Updated packages

Red Hat Enterprise Linux AS (v. 3)

SRPMS:
glibc-2.3.2-95.6.src.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60194a9fa0d3b2767240f125feb77cc1
glibc-2.3.2-95.6.src.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60194a9fa0d3b2767240f125feb77cc1
 
IA-32:
glibc-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: dab0196d1a096f2d28f0bcbc333d1927
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-common-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: d137d6541d822e7cd26bd91dfd76f0d1
glibc-devel-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 852ec2944f8b724e081fc3e82a3ee801
glibc-headers-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4fe5271c3e08245af65f762e790804e3
glibc-profile-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4dfb1359e1efa09938ba5aa4c0d87224
glibc-utils-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: c0ceb680023a3d63e72720628f8370f2
nptl-devel-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 10eb17f2ba645771a641286010ad507b
nscd-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4e71910b722565871b799c3a7ed93abc
 
IA-64:
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 81d13a71861239c62e2dbfc7ec11b92f
glibc-common-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 330ee602cb948a592535dacd2587d00e
glibc-devel-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 0d6764ed9d000c91c233f4833c6448cf
glibc-headers-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: bb0ef9fb08904541f5197333fd12919a
glibc-profile-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: d86e5a488ee9afc5365f8e7572d869ea
glibc-utils-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: d8b413ad1107650b0c6bff3db9494edf
nptl-devel-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 15cae2544118fe446a2e28f4036f6af6
nscd-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 661aa18dd85966eed0a5e6d16173e295
 
PPC:
glibc-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: 8937adea8ba1e8517969647eff5a7326
glibc-2.3.2-95.6.ppc64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6d1c60ef779fb9d1ad006d609ee55b3f
glibc-common-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: 1f028e3522f5e8379720a7fbd568b2cf
ftp://updates.redhat.com/rhn/repository/NULL/glibc-common/2.3.2-95.6/ppc64/glibc-common-2.3.2-95.6.ppc64.rpm
Missing file
    MD5: ba6498d5a5678377542510dbe63d22d3
glibc-devel-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: bbdae51b61608f5a7d5cc3231ead7b24
glibc-devel-2.3.2-95.6.ppc64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 42c17edf86150e76b4ab7540e1d695dc
glibc-headers-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: 2a40bbbae83f1c3281372056302ca8b0
ftp://updates.redhat.com/rhn/repository/NULL/glibc-headers/2.3.2-95.6/ppc64/glibc-headers-2.3.2-95.6.ppc64.rpm
Missing file
    MD5: 8763251b45bc978ce78af7a6d6f3004e
glibc-profile-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60c0938c17759246d49c8a6f619004cf
ftp://updates.redhat.com/rhn/repository/NULL/glibc-profile/2.3.2-95.6/ppc64/glibc-profile-2.3.2-95.6.ppc64.rpm
Missing file
    MD5: 013c6b6c4e2aac83644924102bcd65ff
glibc-utils-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: f400d0a137a2b52228e56532f92dfcee
ftp://updates.redhat.com/rhn/repository/NULL/glibc-utils/2.3.2-95.6/ppc64/glibc-utils-2.3.2-95.6.ppc64.rpm
Missing file
    MD5: 8b58d0cc190535911da305082abb1f96
nptl-devel-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: d67869a70f24606ab75ba606b7fcdc5b
ftp://updates.redhat.com/rhn/repository/NULL/nptl-devel/2.3.2-95.6/ppc64/nptl-devel-2.3.2-95.6.ppc64.rpm
Missing file
    MD5: 6083ee4227d1ad2a8da4af9536b82f9b
nscd-2.3.2-95.6.ppc.rpm
File outdated by:  RHBA-2007:0471
    MD5: 1c9d759c35521dc45ccb376d7511b8eb
ftp://updates.redhat.com/rhn/repository/NULL/nscd/2.3.2-95.6/ppc64/nscd-2.3.2-95.6.ppc64.rpm
Missing file
    MD5: 95519eee349dc7ecc6c65148651f0dce
 
s390:
glibc-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: 8269b72258d05fa0941a1de2210a63c9
glibc-common-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: a1c0c49725f52b6a1ec3dbf7e2f1de7c
glibc-devel-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: ee1157c27012030f4853056942f159ed
glibc-headers-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: 9263ff903d639ff7c20ca41df5d0b2fa
glibc-profile-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: d4744da0d728c428be4cf141649996f0
glibc-utils-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: b4aed4b1ed7be73b0b3acbd0aa2e2754
nptl-devel-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: 65550c332e2cec8c8362a51ee484fc95
nscd-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: 8dadf3c5224ca3cb3e341b10e9c4dad7
 
s390x:
glibc-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: 8269b72258d05fa0941a1de2210a63c9
glibc-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: 674a9ebdc1681d645c9a049d89e1d634
glibc-common-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: 8bd71f298d4d4757dd091de88d3e20cb
glibc-devel-2.3.2-95.6.s390.rpm
File outdated by:  RHBA-2007:0471
    MD5: ee1157c27012030f4853056942f159ed
glibc-devel-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: d6a16f7b551bb5c335eb902678621bd9
glibc-headers-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: ea76d770672d9a0f20e78fb756bd8278
glibc-profile-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: 1b9604a9386a2b9ac2f2c5050e38f6ae
glibc-utils-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: 653068ac15d2c617083a72808d119888
nptl-devel-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: fd51ab12fc905194d7a341c18c1081a6
nscd-2.3.2-95.6.s390x.rpm
File outdated by:  RHBA-2007:0471
    MD5: e0b53cb8c2827581675ea47073e108da
 
x86_64:
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 842bdfafa1972b2fc1eb2f07958e3f3d
glibc-common-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 31ce5ebb8ba6b2c788deccef4cb68489
glibc-devel-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 852ec2944f8b724e081fc3e82a3ee801
glibc-devel-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: cd5dfad7670076da9ac361777244e387
glibc-headers-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 1c823c7efecf39d1fb595d53482f8c94
glibc-profile-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: b48edac993d6f86714fe32f14c5391e0
glibc-utils-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 5b36260c2fcd95b2029af02d75a4ee15
nptl-devel-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: a86cca25e9797402d9bc14ddfd59702b
nscd-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: f4ea2f6a92a58c17feeb4aefad4d268e
 
Red Hat Enterprise Linux ES (v. 3)

SRPMS:
glibc-2.3.2-95.6.src.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60194a9fa0d3b2767240f125feb77cc1
glibc-2.3.2-95.6.src.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60194a9fa0d3b2767240f125feb77cc1
 
IA-32:
glibc-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: dab0196d1a096f2d28f0bcbc333d1927
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-common-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: d137d6541d822e7cd26bd91dfd76f0d1
glibc-devel-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 852ec2944f8b724e081fc3e82a3ee801
glibc-headers-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4fe5271c3e08245af65f762e790804e3
glibc-profile-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4dfb1359e1efa09938ba5aa4c0d87224
glibc-utils-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: c0ceb680023a3d63e72720628f8370f2
nptl-devel-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 10eb17f2ba645771a641286010ad507b
nscd-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4e71910b722565871b799c3a7ed93abc
 
Red Hat Enterprise Linux WS (v. 3)

SRPMS:
glibc-2.3.2-95.6.src.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60194a9fa0d3b2767240f125feb77cc1
glibc-2.3.2-95.6.src.rpm
File outdated by:  RHBA-2007:0471
    MD5: 60194a9fa0d3b2767240f125feb77cc1
 
IA-32:
glibc-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: dab0196d1a096f2d28f0bcbc333d1927
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-common-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: d137d6541d822e7cd26bd91dfd76f0d1
glibc-devel-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 852ec2944f8b724e081fc3e82a3ee801
glibc-headers-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4fe5271c3e08245af65f762e790804e3
glibc-profile-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4dfb1359e1efa09938ba5aa4c0d87224
glibc-utils-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: c0ceb680023a3d63e72720628f8370f2
nptl-devel-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 10eb17f2ba645771a641286010ad507b
nscd-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 4e71910b722565871b799c3a7ed93abc
 
IA-64:
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 81d13a71861239c62e2dbfc7ec11b92f
glibc-common-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 330ee602cb948a592535dacd2587d00e
glibc-devel-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 0d6764ed9d000c91c233f4833c6448cf
glibc-headers-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: bb0ef9fb08904541f5197333fd12919a
glibc-profile-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: d86e5a488ee9afc5365f8e7572d869ea
glibc-utils-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: d8b413ad1107650b0c6bff3db9494edf
nptl-devel-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 15cae2544118fe446a2e28f4036f6af6
nscd-2.3.2-95.6.ia64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 661aa18dd85966eed0a5e6d16173e295
 
x86_64:
glibc-2.3.2-95.6.i686.rpm
File outdated by:  RHBA-2007:0471
    MD5: 6b45bc31853d21de20f4ec1a795eb8d1
glibc-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 842bdfafa1972b2fc1eb2f07958e3f3d
glibc-common-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 31ce5ebb8ba6b2c788deccef4cb68489
glibc-devel-2.3.2-95.6.i386.rpm
File outdated by:  RHBA-2007:0471
    MD5: 852ec2944f8b724e081fc3e82a3ee801
glibc-devel-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: cd5dfad7670076da9ac361777244e387
glibc-headers-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 1c823c7efecf39d1fb595d53482f8c94
glibc-profile-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: b48edac993d6f86714fe32f14c5391e0
glibc-utils-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: 5b36260c2fcd95b2029af02d75a4ee15
nptl-devel-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: a86cca25e9797402d9bc14ddfd59702b
nscd-2.3.2-95.6.x86_64.rpm
File outdated by:  RHBA-2007:0471
    MD5: f4ea2f6a92a58c17feeb4aefad4d268e
 

Bugs fixed (see bugzilla for more information)

101261 - getnameinfo fails to to reverse lookup on IPv6 addresses
103727 - LD_PROFILE=libc.so.6 and sprof give seg fault
107846 - locale utility is broken on big-endian 64-bit platforms
108631 - LTC5138-NPTL: pthread_condtimedwait hang or mutex_lock hang
108634 - Signal handler installation races with signal, glibc-2.3.2
90402 - backtrace() is broken


References


Keywords

glibc, netlink


These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/