Wolfram Gloger wrote:
>>An integer overflow bug has been discovered in the RPC library used by
>>GNU libc, which is derived from the SunRPC library. This bug could be
>>exploited to gain unauthorized root access to software linking to this
>>code. The packages below also fix integer overflows in the malloc
>>code. They also contain a fix from Andreas Schwab to reduce
>>linebuflen in parallel to bumping up the buffer pointer in the NSS DNS
>>code.
>>
>>This problem has been fixed in version 2.1.3-23 for the old stable
>>distribution (potato), in version 2.2.5-11.1 for the current stable
>>distribution (woody) and in version 2.2.5-13 for the unstable
>>distribution (sid).
> 2. glibc-2.2.5-13 does contain the xdr_array patch, but _not_ any new
> malloc patch, unlike the statement in the advisory.

That's right. We prepare to fix in -14 soon.

> 3. Both 1. and 2. are _not so bad_ when it comes to the malloc issue,
> however, because the malloc patch contained in
> glibc-xdr-malloc-security.dpatch in 2.2.5-11.1 is _badly broken_.
> It replaces the potential overflow with a much more likely division
> by zero (elem_size can be zero!). I would suggest that
> glibc-xdr-malloc-security.dpatch is replaced by the appended file,
> which contains the malloc CVS changes from the stable
> glibc-2_2-branch, and fixes this issue, also with a performance
> improvement.

Thanks, your patch seems good. BTW, why can you say 'with a
performance improvement'? I wonder this from looking at this patch
and from upstream discussion (including you :).

-- gotom
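The failure mode discussed in point 3, as an added example that is not part of this message and is not the code of either patch: a calloc-style size check that divides by elem_size breaks when elem_size is zero unless the zero case is guarded first. All function names are hypothetical and the input values are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked: n * elem_size can wrap past SIZE_MAX and yield a small size. */
static size_t size_unchecked(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/* Overflow check that divides without a guard. With elem_size == 0 the
 * division is undefined behaviour (a trap on most platforms). */
static int overflows_unguarded(size_t n, size_t elem_size)
{
    return n > SIZE_MAX / elem_size;
}

/* Guarded check: a zero element size cannot overflow, so skip the division. */
static int overflows_guarded(size_t n, size_t elem_size)
{
    return elem_size != 0 && n > SIZE_MAX / elem_size;
}

/* calloc-style allocator (hypothetical) built on the guarded check. */
static void *checked_calloc(size_t n, size_t elem_size)
{
    if (overflows_guarded(n, elem_size))
        return NULL;                      /* refuse instead of under-allocating */
    size_t bytes = n * elem_size;
    void *p = malloc(bytes ? bytes : 1);  /* keep zero-byte requests valid */
    if (p)
        memset(p, 0, bytes);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / 2 + 2;          /* constructed input: n * 2 wraps */
    printf("unchecked size: %zu\n", size_unchecked(n, 2));
    printf("unguarded check, elem_size=2: %d\n", overflows_unguarded(n, 2));
    printf("guarded check, elem_size=0: %d\n", overflows_guarded(n, 0));
    void *p = checked_calloc(n, 2);
    printf("checked_calloc on wrapping request: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```

overflows_unguarded is deliberately never called with elem_size == 0 here, since that call is the division by zero the message describes.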

