aru Posted March 25, 2003

MandrakeSoft Security Advisory MDKSA-2003:037 : glibc
March 25th, 2003

Updated glibc packages fix vulnerabilities in RPC XDR decoder

An integer overflow was discovered by eEye Digital Security in the xdrmem_getbytes() function of glibc 2.3.1 and earlier. This function is part of the XDR encoder/decoder derived from Sun's RPC implementation. Depending upon the application, this vulnerability can cause buffer overflows and could possibly be exploited to execute arbitrary code.

The provided packages contain patches that correct this issue and all users should upgrade. Please note that users of Mandrake Linux 9.1 already have this fix in the 9.1-released glibc packages.

The released versions of Mandrake GNU/Linux affected are:

- 7.2
- 8.0
- 8.0/PPC
- 8.1
- 8.1/IA64
- 8.2
- 8.2/PPC
- 9.0
- Single Network Firewall 7.2
- Multi Network Firewall 8.2
- Corporate Server 2.1

Full information about this advisory, including the updated packages, is available at: www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2003:037

Other references are: http://cve.mitre.org/cgi-bin/cvename.cgi?n...e=CAN-2003-0028

Posted automatically by aru (mdksec2mub v0.0.4)
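The class of bug the advisory describes, shown as an added example that is not part of the original post and is not glibc's code. The `memstream` struct and both function names are hypothetical, and the flawed variant assumes a length check done by subtracting first and testing the sign afterwards; it only reports the decision and copies nothing.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical memory-backed decode stream; not glibc's XDR struct. */
struct memstream {
    const unsigned char *pos; /* next unread byte */
    int remaining;            /* bytes left in the buffer */
};

/* Flawed pattern: subtract the requested length, then test the sign.
 * The subtraction happens in unsigned arithmetic, so a huge len wraps
 * to a small positive value and the request looks valid. Only the
 * decision is returned; nothing is copied. (The unsigned-to-int
 * conversion assumes the usual two's-complement behaviour.) */
int flawed_check_passes(const struct memstream *s, unsigned int len)
{
    int after = (int)((unsigned int)s->remaining - len);
    return after >= 0;
}

/* Hardened pattern: compare before subtracting, in one unsigned domain. */
int getbytes_checked(struct memstream *s, void *dst, unsigned int len)
{
    if (s->remaining < 0 || len > (unsigned int)s->remaining)
        return 0; /* reject: more bytes requested than remain */
    memcpy(dst, s->pos, len);
    s->pos += len;
    s->remaining -= (int)len;
    return 1;
}

int main(void)
{
    static const unsigned char wire[8] = "ABCDEFG"; /* constructed sample input */
    unsigned char out[8];
    struct memstream s = { wire, (int)sizeof wire };
    unsigned int lens[] = { 4u, 200u, 0xFFFFFFFFu };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        struct memstream t = s; /* fresh copy per request */
        printf("len=%u flawed=%d checked=%d\n", lens[i],
               flawed_check_passes(&t, lens[i]),
               getbytes_checked(&t, out, lens[i]));
    }
    return 0;
}
```

An ordinary oversized request (200 bytes from an 8-byte buffer) is rejected by both checks; only the length near the top of the unsigned range slips past the subtract-then-test form.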
ramfree17 Posted March 26, 2003

Has anybody tried this update? Like somebody said (bvc?), updating glibc is often harder than it seems as it's an integral part of the system.

ciao!
Guest ndeb Posted March 26, 2003

I did for both mandrake-9.0 and redhat-8.0. With mandrake-9.0, the change is marginal (since it's still glibc 2.2.5) so the upgrade did not affect anything. But with redhat-8.0, there is a huge jump from glibc 2.2.93 to 2.3.x and the upgrade simply stopped my wireless LAN connection such that the only way out was to reboot. So a glibc upgrade is indeed tricky and can make Linux look like Windows (reboot is the only way out).
aru Posted March 26, 2003

True, the update only fixes the vulnerability; the rest of the library is the same. An upgrade of glibc, as always, is a major upgrade and something to think about if it deserves the effort.