Date:      Tue, 25 Mar 2003 20:15:31 +0100
From:      "Erik Paulsen Skålerud" <erik@pentadon.com>
To:        "'Miguel Mendez'" <flynn@energyhq.homeip.net>, <ports@freebsd.org>
Subject:   RE: GLSA:  glibc (200303-22)
Message-ID:  <006501c2f302$e75c8680$0a00000a@yes.no>
In-Reply-To: <20030325184546.143261d8.flynn@energyhq.homeip.net>

This is an old SA.
Check out
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-03:05.xdr.asc

And, subscribe yourself to freebsd-security-notifications@freebsd.org

Erik.

> -----Original Message-----
> From: owner-freebsd-ports@FreeBSD.ORG
> [mailto:owner-freebsd-ports@FreeBSD.ORG] On Behalf Of Miguel Mendez
> Sent: Tuesday, March 25, 2003 6:46 PM
> To: ports@freebsd.org
> Subject: Fw: GLSA: glibc (200303-22)
>
>
> Hello porters,
>
> Should we care about this? The advisory is for Gentoo, but
> our version is 2.2.4, which seems to be vulnerable.
>
> Begin forwarded message:
>
> Date: Tue, 25 Mar 2003 09:50:09 +0100
> From: Daniel Ahlberg <aliz@gentoo.org>
> To: bugtraq@securityfocus.com
> Subject: GLSA:  glibc (200303-22)
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> - -
> ---------------------------------------------------------------------
> GENTOO LINUX SECURITY ANNOUNCEMENT 200303-22
> - -
> ---------------------------------------------------------------------
>
>           PACKAGE : glibc
>           SUMMARY : integer overflow
>              DATE : 2003-03-25 08:49 UTC
>           EXPLOIT : remote
> VERSIONS AFFECTED : <2.3.1-r4 (arm: <2.2.5-r8)
>     FIXED VERSION : >=2.3.1-r4 (arm: >=2.2.5-r8)
>               CVE : CAN-2003-0028
>
> - -
> ---------------------------------------------------------------------
>
> - From advisory:
>
> "The xdrmem_getbytes() function in the XDR library provided by
> Sun Microsystems contains an integer overflow. Depending on the
> location and use of the vulnerable xdrmem_getbytes() routine, various
> conditions may be presented that can permit an attacker to remotely
> exploit a service using this vulnerable routine."
>
> Read the full advisory at:
> http://www.eeye.com/html/Research/Advisories/AD20030318.html
>
> SOLUTION
>
> It is recommended that all Gentoo Linux users who are running
> sys-libs/glibc upgrade to
> glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) as follows:
>
> emerge sync
> emerge glibc
> emerge clean
>
> - -
> ---------------------------------------------------------------------
> aliz@gentoo.org - GnuPG key is available at
> http://cvs.gentoo.org/~aliz
> - -
>
> ---------------------------------------------------------------------
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQE+gBg5fT7nyhUpoZMRAp8SAJ0WL/EFzgcNRD6QwXIwKp60DYkhqQCfcoYt
> +syEpAhdT1ab5c1DBZKMLwc=
> =suct
> -----END PGP SIGNATURE-----
>
>
>
> --
>         Miguel Mendez - flynn@energyhq.homeip.net
>         GPG Public Key :: http://energyhq.homeip.net/files/pubkey.txt
>         EnergyHQ :: http://www.energyhq.tk
>         NetBSD :: One BSD to rule them all!
> 	Tired of Spam? -> http://www.trustic.com
>


