[ MDVSA-2010:207 ] glibc



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDVSA-2010:207
http://www.mandriva.com/security/
_______________________________________________________________________

Package : glibc
Date : October 20, 2010
Affected: 2009.0, 2009.1, 2010.0, 2010.1, Corporate 4.0,
Enterprise Server 5.0
_______________________________________________________________________

Problem Description:

A vulnerability in the GNU C library (glibc) was discovered which
could escalate the privilegies for local users (CVE-2010-3847).

Packages for 2009.0 are provided as of the Extended Maintenance
Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

The updated packages have been patched to correct this issue.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
_______________________________________________________________________

Updated Packages:

Mandriva Linux 2009.0:
a4d39a7e052d7566860a9808fb6facab 2009.0/i586/glibc-2.8-1.20080520.5.6mnb2.i586.rpm
421c40e60cdc3165836015e4e653abac 2009.0/i586/glibc-devel-2.8-1.20080520.5.6mnb2.i586.rpm
5036dcf4cb2a3af14c25a8ce599f3f45 2009.0/i586/glibc-doc-2.8-1.20080520.5.6mnb2.i586.rpm
ef7e05f7049a35724dddf4efab8eaaa3 2009.0/i586/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.i586.rpm
199d92c40f9af82609de470d29ceec0f 2009.0/i586/glibc-i18ndata-2.8-1.20080520.5.6mnb2.i586.rpm
d1214e310c9a6e793128b52023613020 2009.0/i586/glibc-profile-2.8-1.20080520.5.6mnb2.i586.rpm
b1f0d1ebb0cec942d9aaab22aa06bd9c 2009.0/i586/glibc-static-devel-2.8-1.20080520.5.6mnb2.i586.rpm
3b58fc6a26b3ced44437bf52d8b9d94e 2009.0/i586/glibc-utils-2.8-1.20080520.5.6mnb2.i586.rpm
b4e29fcc306460dbe823b5572fca514c 2009.0/i586/nscd-2.8-1.20080520.5.6mnb2.i586.rpm
92ae0463a364c2e884d1078a3aa8b51f 2009.0/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm

Mandriva Linux 2009.0/X86_64:
8b5c248f35ce51d3997dd74399ba40ef 2009.0/x86_64/glibc-2.8-1.20080520.5.6mnb2.x86_64.rpm
02dba59fe2f1a2914be5eedda88a256b 2009.0/x86_64/glibc-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
fd8854aa8d8f8b76d19c67d8a6f6a250 2009.0/x86_64/glibc-doc-2.8-1.20080520.5.6mnb2.x86_64.rpm
788a765c6da4f18a134213f9258735a2 2009.0/x86_64/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.x86_64.rpm
c47d540f6693aef1081b09891ae63273 2009.0/x86_64/glibc-i18ndata-2.8-1.20080520.5.6mnb2.x86_64.rpm
d321cd114f1faa16609d7ac4af328ced 2009.0/x86_64/glibc-profile-2.8-1.20080520.5.6mnb2.x86_64.rpm
ab7b888f9511ee837c841bc7fbc1309d 2009.0/x86_64/glibc-static-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
0b954036474de55d963cc61244775917 2009.0/x86_64/glibc-utils-2.8-1.20080520.5.6mnb2.x86_64.rpm
612d080403a930053d551f3f830cee70 2009.0/x86_64/nscd-2.8-1.20080520.5.6mnb2.x86_64.rpm
92ae0463a364c2e884d1078a3aa8b51f 2009.0/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm

Mandriva Linux 2009.1:
802b179f33340868821e566a89f3d8f1 2009.1/i586/glibc-2.9-0.20081113.5.2mnb2.i586.rpm
aa1a0d9970fc4a76bf00d046d60a92a8 2009.1/i586/glibc-devel-2.9-0.20081113.5.2mnb2.i586.rpm
b14abc9b6dff62c2a57928b3e3c000d7 2009.1/i586/glibc-doc-2.9-0.20081113.5.2mnb2.i586.rpm
4c9c422b2630e439acb71d27a48d0e34 2009.1/i586/glibc-doc-pdf-2.9-0.20081113.5.2mnb2.i586.rpm
888038824df50ba3139faf675b8515a6 2009.1/i586/glibc-i18ndata-2.9-0.20081113.5.2mnb2.i586.rpm
81d79610e6a14f031208583388182a5c 2009.1/i586/glibc-profile-2.9-0.20081113.5.2mnb2.i586.rpm
7ead9afd350537a5871b64477e5195b2 2009.1/i586/glibc-static-devel-2.9-0.20081113.5.2mnb2.i586.rpm
6a5d441c7cecee9d8e57f422d01875f8 2009.1/i586/glibc-utils-2.9-0.20081113.5.2mnb2.i586.rpm
ea0ffbc86572d3074d402fb4a027a657 2009.1/i586/nscd-2.9-0.20081113.5.2mnb2.i586.rpm
f277c949afca2e6ce6943c08e9daab2b 2009.1/SRPMS/glibc-2.9-0.20081113.5.2mnb2.src.rpm

Mandriva Linux 2009.1/X86_64:
8666721c947b268a6de330ffcf956750 2009.1/x86_64/glibc-2.9-0.20081113.5.2mnb2.x86_64.rpm
29efb1f632936e0ddc2749ecf3303557 2009.1/x86_64/glibc-devel-2.9-0.20081113.5.2mnb2.x86_64.rpm
6476c89e1b2026f733a6931ac839af72 2009.1/x86_64/glibc-doc-2.9-0.20081113.5.2mnb2.x86_64.rpm
74b0fae9bad6d648e129414f2ba60067 2009.1/x86_64/glibc-doc-pdf-2.9-0.20081113.5.2mnb2.x86_64.rpm
cf76a25b44f53560934b96bb397ddd06 2009.1/x86_64/glibc-i18ndata-2.9-0.20081113.5.2mnb2.x86_64.rpm
a50708ae5dbce5f10b0d637df9f14072 2009.1/x86_64/glibc-profile-2.9-0.20081113.5.2mnb2.x86_64.rpm
519b1421644223a8fef671eaab928846 2009.1/x86_64/glibc-static-devel-2.9-0.20081113.5.2mnb2.x86_64.rpm
74427b0af1a1b68f3003b521a53d7d51 2009.1/x86_64/glibc-utils-2.9-0.20081113.5.2mnb2.x86_64.rpm
70f861cce4aa8674285b02dcfbc15296 2009.1/x86_64/nscd-2.9-0.20081113.5.2mnb2.x86_64.rpm
f277c949afca2e6ce6943c08e9daab2b 2009.1/SRPMS/glibc-2.9-0.20081113.5.2mnb2.src.rpm

Mandriva Linux 2010.0:
55f570c3ad78d91959c0797cf9f19493 2010.0/i586/glibc-2.10.1-6.6mnb2.i586.rpm
461d5c034443c9e055c7ab99acea0aaa 2010.0/i586/glibc-devel-2.10.1-6.6mnb2.i586.rpm
8bee7f5af50405191389f368db096361 2010.0/i586/glibc-doc-2.10.1-6.6mnb2.i586.rpm
4aeaad1db7b9bf1b6efaf32ead79eaed 2010.0/i586/glibc-doc-pdf-2.10.1-6.6mnb2.i586.rpm
87dddaf9c0324d953b630b2c2b869593 2010.0/i586/glibc-i18ndata-2.10.1-6.6mnb2.i586.rpm
791ccd2ed7358373129d0c3cf7512df6 2010.0/i586/glibc-profile-2.10.1-6.6mnb2.i586.rpm
585b5447d279babdf3b0cf7df8dff737 2010.0/i586/glibc-static-devel-2.10.1-6.6mnb2.i586.rpm
99edf4391f194b028f44ea096ced58f9 2010.0/i586/glibc-utils-2.10.1-6.6mnb2.i586.rpm
7d94e43fdf817318a436a05e692fe864 2010.0/i586/nscd-2.10.1-6.6mnb2.i586.rpm
f1a977e3df8485f503e7d38c46c3f7cf 2010.0/SRPMS/glibc-2.10.1-6.6mnb2.src.rpm

Mandriva Linux 2010.0/X86_64:
2cb370c961161662eb5fa27581a928ff 2010.0/x86_64/glibc-2.10.1-6.6mnb2.x86_64.rpm
72713d1524c4c9dfae85f8da527ab455 2010.0/x86_64/glibc-devel-2.10.1-6.6mnb2.x86_64.rpm
59d3b16e5d59efa6420504b6dc3d53f5 2010.0/x86_64/glibc-doc-2.10.1-6.6mnb2.x86_64.rpm
a167dd710a5e7c8508f1c3267f60d969 2010.0/x86_64/glibc-doc-pdf-2.10.1-6.6mnb2.x86_64.rpm
2ff60593413b03bfb020aa4887c2827d 2010.0/x86_64/glibc-i18ndata-2.10.1-6.6mnb2.x86_64.rpm
4944728921be7872ce99f9aee774584a 2010.0/x86_64/glibc-profile-2.10.1-6.6mnb2.x86_64.rpm
26fedcc6e0748793084851039dea8ce2 2010.0/x86_64/glibc-static-devel-2.10.1-6.6mnb2.x86_64.rpm
ec059b86df9b2b7bd96ee33efa8143c9 2010.0/x86_64/glibc-utils-2.10.1-6.6mnb2.x86_64.rpm
3a130d199bb74a3b4319bbfc4c662e5e 2010.0/x86_64/nscd-2.10.1-6.6mnb2.x86_64.rpm
f1a977e3df8485f503e7d38c46c3f7cf 2010.0/SRPMS/glibc-2.10.1-6.6mnb2.src.rpm

Mandriva Linux 2010.1:
9e6756f39308cb82721af9a393ad3f01 2010.1/i586/glibc-2.11.1-8.1mnb2.i586.rpm
8ff5760768bcbc3c81bec33630a67dce 2010.1/i586/glibc-devel-2.11.1-8.1mnb2.i586.rpm
012a57ec04d79c9c7256d8f745a184cb 2010.1/i586/glibc-doc-2.11.1-8.1mnb2.i586.rpm
5b0c4083b0b54c18fd57eee6c439ab87 2010.1/i586/glibc-doc-pdf-2.11.1-8.1mnb2.i586.rpm
9c58502b4b44006bb9dd53e494997752 2010.1/i586/glibc-i18ndata-2.11.1-8.1mnb2.i586.rpm
600e1e8c29eefda204819b116aab3909 2010.1/i586/glibc-profile-2.11.1-8.1mnb2.i586.rpm
0151ba3a9db9d74a1f5ab4acba3bdffd 2010.1/i586/glibc-static-devel-2.11.1-8.1mnb2.i586.rpm
e03bd5ee69c0c27e7e55f03e757ad240 2010.1/i586/glibc-utils-2.11.1-8.1mnb2.i586.rpm
38d9f77971ae3e663d4177939cf3e26c 2010.1/i586/nscd-2.11.1-8.1mnb2.i586.rpm
3f6685b949eb1b75efe40e4c492da5b2 2010.1/SRPMS/glibc-2.11.1-8.1mnb2.src.rpm

Mandriva Linux 2010.1/X86_64:
3fb2d4ba03ea05fbf383bce9c918fb9f 2010.1/x86_64/glibc-2.11.1-8.1mnb2.x86_64.rpm
fd6760dcfd7d0415db153b1a20efe7cd 2010.1/x86_64/glibc-devel-2.11.1-8.1mnb2.x86_64.rpm
53f3fc371b761c4dae5eb9f4c3312f0a 2010.1/x86_64/glibc-doc-2.11.1-8.1mnb2.x86_64.rpm
dc53a7ea64a488adb7dd1bd337dda835 2010.1/x86_64/glibc-doc-pdf-2.11.1-8.1mnb2.x86_64.rpm
676de3350ca910a2d23bae0e6498d3a3 2010.1/x86_64/glibc-i18ndata-2.11.1-8.1mnb2.x86_64.rpm
6c01cc1115a9b0b97b50ae1ae3d8a26b 2010.1/x86_64/glibc-profile-2.11.1-8.1mnb2.x86_64.rpm
647707744cc66ab912cd2b341c15bc2d 2010.1/x86_64/glibc-static-devel-2.11.1-8.1mnb2.x86_64.rpm
d075a7e7b4ce61f651e6333b9e094c06 2010.1/x86_64/glibc-utils-2.11.1-8.1mnb2.x86_64.rpm
ed63cad1e47bc68b14e26e065edea104 2010.1/x86_64/nscd-2.11.1-8.1mnb2.x86_64.rpm
3f6685b949eb1b75efe40e4c492da5b2 2010.1/SRPMS/glibc-2.11.1-8.1mnb2.src.rpm

Corporate 4.0:
954c7fa4796eb96661670110927bf04e corporate/4.0/i586/glibc-2.3.6-4.3.20060mlcs4.i586.rpm
7844b1b3a5fcea5592714ef19f3ebb7a corporate/4.0/i586/glibc-devel-2.3.6-4.3.20060mlcs4.i586.rpm
2e744f6fac29b88dbbf44b431644eada corporate/4.0/i586/glibc-doc-2.3.6-4.3.20060mlcs4.i586.rpm
6e764e6966598fa92f28129ff08a259b corporate/4.0/i586/glibc-doc-pdf-2.3.6-4.3.20060mlcs4.i586.rpm
58f6f507708cf4c62ce1b9b64bac7339 corporate/4.0/i586/glibc-i18ndata-2.3.6-4.3.20060mlcs4.i586.rpm
0726d5a973be9e94caf298ade74ebca7 corporate/4.0/i586/glibc-profile-2.3.6-4.3.20060mlcs4.i586.rpm
c43e083f977ee4ccce227891259f64ff corporate/4.0/i586/glibc-static-devel-2.3.6-4.3.20060mlcs4.i586.rpm
19d3abef528b0ebce245f8d522f0ca1f corporate/4.0/i586/glibc-utils-2.3.6-4.3.20060mlcs4.i586.rpm
105fc8f187ab07b87def4e52c68b45a3 corporate/4.0/i586/ldconfig-2.3.6-4.3.20060mlcs4.i586.rpm
5d7c07e0f9c6abf92633664afd301087 corporate/4.0/i586/nptl-devel-2.3.6-4.3.20060mlcs4.i586.rpm
8d7349924d0a53f9567929b0a87317de corporate/4.0/i586/nscd-2.3.6-4.3.20060mlcs4.i586.rpm
65fae4c5ea02d94ccd7fc4a72a5635bc corporate/4.0/SRPMS/glibc-2.3.6-4.3.20060mlcs4.src.rpm

Corporate 4.0/X86_64:
cbf4e06b0564c49886f348d0224dc52d corporate/4.0/x86_64/glibc-2.3.6-4.3.20060mlcs4.x86_64.rpm
e0784311d11ab7c17f0740b29eb3c2f3 corporate/4.0/x86_64/glibc-devel-2.3.6-4.3.20060mlcs4.x86_64.rpm
7ad0dfb37bfb00fc08e5c6d66e9f01bd corporate/4.0/x86_64/glibc-doc-2.3.6-4.3.20060mlcs4.x86_64.rpm
eda60dfec28e3a85f158714ec42d7ae3 corporate/4.0/x86_64/glibc-doc-pdf-2.3.6-4.3.20060mlcs4.x86_64.rpm
1a2ad411439f6b140cbc6f6e82f8e749 corporate/4.0/x86_64/glibc-i18ndata-2.3.6-4.3.20060mlcs4.x86_64.rpm
822beed8ac604a8f2ee8af0e2682ccd8 corporate/4.0/x86_64/glibc-profile-2.3.6-4.3.20060mlcs4.x86_64.rpm
5d0f0642e7ab6983cfe4c32cf24d4018 corporate/4.0/x86_64/glibc-static-devel-2.3.6-4.3.20060mlcs4.x86_64.rpm
2533bf85da955bde2cdbc8f13864d8bb corporate/4.0/x86_64/glibc-utils-2.3.6-4.3.20060mlcs4.x86_64.rpm
484402227eadfbbcde7dee3967c88c1f corporate/4.0/x86_64/ldconfig-2.3.6-4.3.20060mlcs4.x86_64.rpm
47549d339fb39d272b941ead96805ab9 corporate/4.0/x86_64/nptl-devel-2.3.6-4.3.20060mlcs4.x86_64.rpm
239d6747993896fd28da6cdebc72cb95 corporate/4.0/x86_64/nscd-2.3.6-4.3.20060mlcs4.x86_64.rpm
65fae4c5ea02d94ccd7fc4a72a5635bc corporate/4.0/SRPMS/glibc-2.3.6-4.3.20060mlcs4.src.rpm

Mandriva Enterprise Server 5:
546cdb658291860d33699bc3ade38c3f mes5/i586/glibc-2.8-1.20080520.5.6mnb2.i586.rpm
76f36515736c5780bcd9915de8afb17e mes5/i586/glibc-devel-2.8-1.20080520.5.6mnb2.i586.rpm
8e31d27ec488d3b8651d9f5783978185 mes5/i586/glibc-doc-2.8-1.20080520.5.6mnb2.i586.rpm
04fe57ffa7ba67f8b6f0db555a25500c mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.i586.rpm
c69b0fae345c40c585923b9b625a2f21 mes5/i586/glibc-i18ndata-2.8-1.20080520.5.6mnb2.i586.rpm
cccdff704b3ecfe45498460ae9aa9572 mes5/i586/glibc-profile-2.8-1.20080520.5.6mnb2.i586.rpm
86b48858aa46fcf2cf453270e117311a mes5/i586/glibc-static-devel-2.8-1.20080520.5.6mnb2.i586.rpm
c307b635e06dff286871f07295d7ca23 mes5/i586/glibc-utils-2.8-1.20080520.5.6mnb2.i586.rpm
2a5192418cc815d92e38c0b7a62fbc01 mes5/i586/nscd-2.8-1.20080520.5.6mnb2.i586.rpm
916d165d2665deccc30655d0f7f85bae mes5/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm

Mandriva Enterprise Server 5/X86_64:
811ae047841180c2028ac426a69d6e72 mes5/x86_64/glibc-2.8-1.20080520.5.6mnb2.x86_64.rpm
377afd0b6673e71fc37697dede5a72e2 mes5/x86_64/glibc-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
cf98a56094d67c47a44cbc482ac10e0a mes5/x86_64/glibc-doc-2.8-1.20080520.5.6mnb2.x86_64.rpm
9eb63f098b8288abbba2a1c2db096a06 mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.6mnb2.x86_64.rpm
12fa3833f6daa50d0baf169f855ba29d mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.6mnb2.x86_64.rpm
645e92cb5d447a5614f8d54df4851e18 mes5/x86_64/glibc-profile-2.8-1.20080520.5.6mnb2.x86_64.rpm
6902498ca74ec74d5f29980484800e5a mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.6mnb2.x86_64.rpm
40fa0bc5b61932dd96e0129930b759ed mes5/x86_64/glibc-utils-2.8-1.20080520.5.6mnb2.x86_64.rpm
744f9ebd9d4e6c17be419b88394c180c mes5/x86_64/nscd-2.8-1.20080520.5.6mnb2.x86_64.rpm
916d165d2665deccc30655d0f7f85bae mes5/SRPMS/glibc-2.8-1.20080520.5.6mnb2.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iD8DBQFMvzkSmqjQ0CJFipgRAsxhAKCXjvn+mLjD3jW9CjAMbJ0f63NgUgCg8JbV
Tv+YBX6HYdei+vm4D/Ykbrs=
=kVF6
-----END PGP SIGNATURE-----



Relevant Pages

  • [Full-disclosure] [ MDVSA-2010:073-1 ] cups
    ... Use-after-free vulnerability in the abstract file-descriptor handling ... scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers ... The updated packages have been patched to correct these issues. ... Packages for Mandriva Linux 2010.0 was missing with ...
    (Full-Disclosure)
  • [Full-disclosure] [ MDVSA-2010:084 ] java-1.6.0-openjdk
    ... Multiple Java OpenJDK security vulnerabilities has been identified ... CMM readMabCurveData Buffer Overflow Vulnerability. ... Packages for 2009.0 are provided due to the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Full-Disclosure)
  • [ MDVSA-2010:084 ] java-1.6.0-openjdk
    ... Multiple Java OpenJDK security vulnerabilities has been identified ... CMM readMabCurveData Buffer Overflow Vulnerability. ... Packages for 2009.0 are provided due to the Extended Maintenance ... Mandriva Linux 2009.0/X86_64: ...
    (Bugtraq)
  • [ MDVSA-2010:073-1 ] cups
    ... Use-after-free vulnerability in the abstract file-descriptor handling ... scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers ... The updated packages have been patched to correct these issues. ... Packages for Mandriva Linux 2010.0 was missing with ...
    (Bugtraq)
  • [Full-disclosure] [ MDKSA-2007:079-1 ] - Updated xorg-x11/XFree86 packages fix i
    ... Local exploitation of a memory corruption vulnerability in the X.Org ... Updated packages are patched to address these issues. ... Packages for Mandriva Linux 2007.1 are now available. ...
    (Full-Disclosure)