At Wed, 19 Mar 2003 14:40:53 -0600 (CST), Drew Scott Daniels wrote: > > Package: glibc > Severity: grave > Tags: security, potato, woody, sarge, sid > > I hope I'm not just causing extra work by posting this, but it is a grave > bug and I haven't seen anything yet about it. The security team should > already have a copy the CERT advisory, maybe even from before it's public > release.
Hmm, glibc-2.2.x (stable), 2.3.1-14 (testing), 2.3.1-15 (unstable) seems be vulnerable. OK, I apply the designated patch, and release -16 with urgency=high. BTW, glibc-2.2.x should apply this update, in addition there is a request to bump up IA-64 stacksize. We should do it at the same time. Regards, -- gotom > GNU glibc > > Version 2.3.1 of the GNU C Library is vulnerable. Earlier versions are > also vulnerable. The following patches have been installed into the > CVS sources, and should appear in the next version of the GNU C > Library. These patches are also available from the following URLs: > > http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/rpc/xdr.h. > diff?r1=1.26&r2=1.27&cvsroot=glibc > http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_mem.c. > diff?r1=1.13&r2=1.15&cvsroot=glibc > http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_rec.c. > diff?r1=1.26&r2=1.27&cvsroot=glibc > http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_sizeof > .c.diff?r1=1.5&r2=1.6&cvsroot=glibc > http://sources.redhat.com/cgi-bin/cvsweb.cgi/libc/sunrpc/xdr_stdio. > c.diff?r1=1.15&r2=1.16&cvsroot=glibc > > 2002-12-16 Roland McGrath > > * sunrpc/xdr_mem.c (xdrmem_inline): Fix argument type. > * sunrpc/xdr_rec.c (xdrrec_inline): Likewise. > * sunrpc/xdr_stdio.c (xdrstdio_inline): Likewise. > > 2002-12-13 Paul Eggert > > * sunrpc/rpc/xdr.h (struct XDR.xdr_ops.x_inline): 2nd arg > is now u_int, not int. > (struct XDR.x_handy): Now u_int, not int. > * sunrpc/xdr_mem.c: Include . > (xdrmem_getlong, xdrmem_putlong, xdrmem_getbytes, xdrmem_putbytes, > xdrmem_inline, xdrmem_getint32, xdrmem_putint32): > x_handy is now unsigned, not signed. > Do not decrement x_handy if no change is made. > (xdrmem_setpos): Check for int overflow. > * sunrpc/xdr_sizeof.c (x_inline): 2nd arg is now unsigned. > (xdr_sizeof): Remove cast that is now unnecessary, now that > x_handy is unsigned. > > [ text of diffs available in the links included above --CERT/CC ] -- gotom
