From owner-freebsd-ports Tue Mar 25 9:45:30 2003 Delivered-To: freebsd-ports@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E938837B401 for ; Tue, 25 Mar 2003 09:45:26 -0800 (PST) Received: from energyhq.homeip.net (213-97-200-73.uc.nombres.ttd.es [213.97.200.73]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0D8C343F3F for ; Tue, 25 Mar 2003 09:45:25 -0800 (PST) (envelope-from flynn@energyhq.homeip.net) Received: from christine.energyhq.tk (christine.energyhq.tk [192.168.100.1]) by energyhq.homeip.net (Postfix) with SMTP id 0EE95AF584 for ; Tue, 25 Mar 2003 18:45:25 +0100 (CET) Date: Tue, 25 Mar 2003 18:45:46 +0100 From: Miguel Mendez To: ports@freebsd.org Subject: Fw: GLSA: glibc (200303-22) Message-Id: <20030325184546.143261d8.flynn@energyhq.homeip.net> X-Mailer: Sylpheed version 0.8.11claws (GTK+ 1.2.10; i386--netbsdelf) X-Face: 1j}k*2E>Y\+C~E|/wehi[:dCM,{N7/uE3o# P,{t7gA/qnovFDDuyQV.1hdT7&#d)q"xY33}{_GS>kk'S{O]nE$A`T|\4&p\&mQyexOLb8}FO List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --=.p:W,FG5QEPEfs/ Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Hello porters, Should we care about this? The advisory is for Gentoo, but our version is 2.2.4, which seems to be vulnerable. Begin forwarded message: Date: Tue, 25 Mar 2003 09:50:09 +0100 From: Daniel Ahlberg To: bugtraq@securityfocus.com Subject: GLSA: glibc (200303-22) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - --------------------------------------------------------------------- GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22 - - --------------------------------------------------------------------- PACKAGE : glibc SUMMARY : integer overflow DATE : 2003-03-25 08:49 UTC EXPLOIT : remote VERSIONS AFFECTED : <2.3.1-r4 (arm: <2.2.5-r8) FIXED VERSION : >=2.3.1-r4 (arm: >=2.2.5-r8) CVE : CAN-2003-0028 - - --------------------------------------------------------------------- - From advisory: "The xdrmem_getbytes() function in the XDR library provided by Sun Microsystems contains an integer overflow. Depending on the location and use of the vulnerable xdrmem_getbytes() routine, various conditions may be presented that can permit an attacker to remotely exploit a service using this vulnerable routine." Read the full advisory at: http://www.eeye.com/html/Research/Advisories/AD20030318.html SOLUTION It is recommended that all Gentoo Linux users who are running sys-libs/glibc upgrade to glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) as follows: emerge sync emerge glibc emerge clean - - --------------------------------------------------------------------- aliz@gentoo.org - GnuPG key is available at http://cvs.gentoo.org/~aliz - - --------------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+gBg5fT7nyhUpoZMRAp8SAJ0WL/EFzgcNRD6QwXIwKp60DYkhqQCfcoYt +syEpAhdT1ab5c1DBZKMLwc= =suct -----END PGP SIGNATURE----- -- Miguel Mendez - flynn@energyhq.homeip.net GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt EnergyHQ :: http://www.energyhq.tk NetBSD :: One BSD to rule them all! Tired of Spam? -> http://www.trustic.com --=.p:W,FG5QEPEfs/ Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (NetBSD) iD8DBQE+gJXOnLctrNyFFPERAiszAJ9UR/2mOmEWtPsc4sCkUaTqEwlVMACfQQmV 8ZLMdtv4Oqz5DdRUr7Gernw= =fsBE -----END PGP SIGNATURE----- --=.p:W,FG5QEPEfs/-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message