Your message dated Sun, 31 Oct 2010 08:33:09 +0000
with message-id <e1pctlh-0004uh...@franck.debian.org>
and subject line Bug#600667: fixed in eglibc 2.11.2-7
has caused the Debian Bug report #600667,
regarding eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid
library search path
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
600667: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600667
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
package: eglibc
version: 2.11.2-6
severity: grave
tag: patch
an issue has been disclosed in eglibc. see:
http://seclists.org/fulldisclosure/2010/Oct/257
patch available:
http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
best wishes,
mike
--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.11.2-7
We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:
eglibc-source_2.11.2-7_all.deb
to main/e/eglibc/eglibc-source_2.11.2-7_all.deb
eglibc_2.11.2-7.diff.gz
to main/e/eglibc/eglibc_2.11.2-7.diff.gz
eglibc_2.11.2-7.dsc
to main/e/eglibc/eglibc_2.11.2-7.dsc
glibc-doc_2.11.2-7_all.deb
to main/e/eglibc/glibc-doc_2.11.2-7_all.deb
libc-bin_2.11.2-7_amd64.deb
to main/e/eglibc/libc-bin_2.11.2-7_amd64.deb
libc-dev-bin_2.11.2-7_amd64.deb
to main/e/eglibc/libc-dev-bin_2.11.2-7_amd64.deb
libc6-dbg_2.11.2-7_amd64.deb
to main/e/eglibc/libc6-dbg_2.11.2-7_amd64.deb
libc6-dev-i386_2.11.2-7_amd64.deb
to main/e/eglibc/libc6-dev-i386_2.11.2-7_amd64.deb
libc6-dev_2.11.2-7_amd64.deb
to main/e/eglibc/libc6-dev_2.11.2-7_amd64.deb
libc6-i386_2.11.2-7_amd64.deb
to main/e/eglibc/libc6-i386_2.11.2-7_amd64.deb
libc6-pic_2.11.2-7_amd64.deb
to main/e/eglibc/libc6-pic_2.11.2-7_amd64.deb
libc6-prof_2.11.2-7_amd64.deb
to main/e/eglibc/libc6-prof_2.11.2-7_amd64.deb
libc6-udeb_2.11.2-7_amd64.udeb
to main/e/eglibc/libc6-udeb_2.11.2-7_amd64.udeb
libc6_2.11.2-7_amd64.deb
to main/e/eglibc/libc6_2.11.2-7_amd64.deb
libnss-dns-udeb_2.11.2-7_amd64.udeb
to main/e/eglibc/libnss-dns-udeb_2.11.2-7_amd64.udeb
libnss-files-udeb_2.11.2-7_amd64.udeb
to main/e/eglibc/libnss-files-udeb_2.11.2-7_amd64.udeb
locales-all_2.11.2-7_amd64.deb
to main/e/eglibc/locales-all_2.11.2-7_amd64.deb
locales_2.11.2-7_all.deb
to main/e/eglibc/locales_2.11.2-7_all.deb
nscd_2.11.2-7_amd64.deb
to main/e/eglibc/nscd_2.11.2-7_amd64.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 600...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Aurelien Jarno <aure...@debian.org> (supplier of updated eglibc package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
Format: 1.8
Date: Sat, 30 Oct 2010 18:15:54 +0200
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd
libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev
libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev
libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev
libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386
libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64
libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64
libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386
libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc0.3-i686
libc0.3-xen libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all amd64
Version: 2.11.2-7
Distribution: unstable
Urgency: low
Maintainer: Aurelien Jarno <aure...@debian.org>
Changed-By: Aurelien Jarno <aure...@debian.org>
Description:
eglibc-source - Embedded GNU C Library: sources
glibc-doc - Embedded GNU C Library: Documentation
libc-bin - Embedded GNU C Library: Binaries
libc-dev-bin - Embedded GNU C Library: Development binaries
libc0.1 - Embedded GNU C Library: Shared libraries
libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.1-dev-i386 - Embedded GNU C Library: 32bit development libraries for
AMD64
libc0.1-i386 - Embedded GNU C Library: 32bit shared libraries for AMD64
libc0.1-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.1-pic - Embedded GNU C Library: PIC archive library
libc0.1-prof - Embedded GNU C Library: Profiling Libraries
libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3 - Embedded GNU C Library: Shared libraries
libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
libc0.3-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc0.3-pic - Embedded GNU C Library: PIC archive library
libc0.3-prof - Embedded GNU C Library: Profiling Libraries
libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc0.3-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6 - Embedded GNU C Library: Shared libraries
libc6-amd64 - Embedded GNU C Library: 64bit Shared libraries for AMD64
libc6-dbg - Embedded GNU C Library: detached debugging symbols
libc6-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6-dev-amd64 - Embedded GNU C Library: 64bit Development Libraries for AMD64
libc6-dev-i386 - Embedded GNU C Library: 32-bit development libraries for AMD64
libc6-dev-mips64 - Embedded GNU C Library: 64bit Development Libraries for
MIPS64
libc6-dev-mipsn32 - Embedded GNU C Library: n32 Development Libraries for
MIPS64
libc6-dev-powerpc - Embedded GNU C Library: 32bit powerpc development
libraries for p
libc6-dev-ppc64 - Embedded GNU C Library: 64bit Development Libraries for
PowerPC64
libc6-dev-s390x - Embedded GNU C Library: 64bit Development Libraries for IBM
zSeri
libc6-dev-sparc64 - Embedded GNU C Library: 64bit Development Libraries for
UltraSPAR
libc6-i386 - Embedded GNU C Library: 32-bit shared libraries for AMD64
libc6-i686 - Embedded GNU C Library: Shared libraries [i686 optimized]
libc6-mips64 - Embedded GNU C Library: 64bit Shared libraries for MIPS64
libc6-mipsn32 - Embedded GNU C Library: n32 Shared libraries for MIPS64
libc6-pic - Embedded GNU C Library: PIC archive library
libc6-powerpc - Embedded GNU C Library: 32bit powerpc shared libraries for
ppc64
libc6-ppc64 - Embedded GNU C Library: 64bit Shared libraries for PowerPC64
libc6-prof - Embedded GNU C Library: Profiling Libraries
libc6-s390x - Embedded GNU C Library: 64bit Shared libraries for IBM zSeries
libc6-sparc64 - Embedded GNU C Library: 64bit Shared libraries for UltraSPARC
libc6-sparcv9b - Embedded GNU C Library: Shared libraries [v9b optimized]
libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libc6-xen - Embedded GNU C Library: Shared libraries [Xen version]
libc6.1 - Embedded GNU C Library: Shared libraries
libc6.1-alphaev67 - Embedded GNU C Library: Shared libraries (EV67 optimized)
libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
libc6.1-pic - Embedded GNU C Library: PIC archive library
libc6.1-prof - Embedded GNU C Library: Profiling Libraries
libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
libnss-dns-udeb - Embedded GNU C Library: NSS helper for DNS - udeb (udeb)
libnss-files-udeb - Embedded GNU C Library: NSS helper for files - udeb (udeb)
locales - Embedded GNU C Library: National Language (locale) data [support]
locales-all - Embedded GNU C Library: Precompiled locale data
nscd - Embedded GNU C Library: Name Service Cache Daemon
Closes: 595403 597348 600667 601085 601531
Changes:
 eglibc (2.11.2-7) unstable; urgency=low
 .
   [ Samuel Thibault ]
   * patches/hurd-i386/cvs-sendmsg-leak.diff: New upstream patch from Emilio
     Pozuelo Monfort to fix a memory leak on the error path of sendmsg.
   * patches/hurd-i386/local-sendmsg-SCM_RIGHTS.diff: New patch from Emilio
     Pozuelo Monfort to implement SCM_RIGHTS in sendmsg().
 .
   [ Aurelien Jarno ]
   * Update Portuguese debconf translation, by Pedro Ribeiro. Closes: #597348.
   * Add any/submitted-origin.diff from Andreas Schwab to forbid the use
     of $ORIGIN in privileged programs. Add any/cvs-audit-suid.diff to
     only load SUID audit objects in SUID binaries. Fix CVE-2010-3847.
     Closes: #600667.
   * Update Catalan debconf translation, by Jordi Mallach. Closes: #601085.
   * Update Vietnamese debconf translation, by Clytie Siddall.
     Closes: #601531.
   * Add arm/local-sigaction.diff to match sigaction with SA_RESTORER
     behaviour with other architectures. Closes: #595403.
--- End Message ---