Linux News
The world is talking about GNU/Linux and Free/Open Source Software

Login

If you don't have an account yet, visit the registration page to sign up.

If you already have an account, you may login here:

Today's Big Story

Zed: A Next-Gen Rust-Based Open Source Code Editor With AI

LXer Features

Linux That's Small

Encryption, Trust, and the Hidden Dangers of Vendor-Controlled Data

My Linux Mint Tribute

How I Turned My Chromebook Into A "Mintbook"

Adventures With My New Chromebook

My Linux Laptop

Have something to say?

Ready to be published? LXer is read by around 350,000 individuals each month, and is an excellent place for you to publish your ideas, thoughts, reviews, complaints, etc. Do you have something to say to the Linux community?

Publish it here.

DaniWeb Linux Community
An exciting professional discussion group about software development, php, shell scripting, networking, ruby, and more.

Latest Discussions

See Activation Cube feature on Fedora 41 KDE Spin in VENV

You don't need AI to know how this goes

Should be a SNL skit

Please add https to lxer.com

Anyone remember Distrotest.net? I found a new one!

Site Menu

Other News

- LWN.net
Their weekly coverage of Linux news is unmatched in this community.

- LinuxGizmos.com
Excellent news for embedded Linux.

- LinuxQuestions.org
Discussion forums for Linux users.

LinuxQuestions.org is a friendly and active Linux Community with forums, reviews, a hardware compatibility list, a wiki, tutorials, a download site, a podcast and more.

Mandrake security alert: Updated glibc packages fix resolver vulnerabilities

Posted by dave on Feb 4, 2004 5:08 PM EDT
Mailing list

Mail this story
Print this story

"A read buffer overflow vulnerability exists in the resolver code in versions of glibc up to and including 2.2.5. The vulnerability is triggered by DNS packets larger than 1024 bytes, which can cause an application to crash."

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

                Mandrake Linux Security Update Advisory
 _______________________________________________________________________

 Package name:           glibc
 Advisory ID:            MDKSA-2004:009
 Date:                   February 4th, 2004

 Affected versions:	 9.0, Corporate Server 2.1,
			 Multi Network Firewall 8.2
 ______________________________________________________________________

 Problem Description:

 A read buffer overflow vulnerability exists in the resolver code in
 versions of glibc up to and including 2.2.5.  The vulnerability is
 triggered by DNS packets larger than 1024 bytes, which can cause an
 application to crash.
 
 The updated packages have a patch applied to correct the problem.
 _______________________________________________________________________

 References:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1146
  http://www.kb.cert.org/vuls/id/738331
 ______________________________________________________________________

 Updated Packages:
  
 Corporate Server 2.1:
 07bed44311d5e47e1413674de9d4bddc  corporate/2.1/RPMS/glibc-2.2.5-16.4.C21mdk.i586.rpm
 208319aa05dfb74d68e568776a060cb3  corporate/2.1/RPMS/glibc-devel-2.2.5-16.4.C21mdk.i586.rpm
 ecc340738dea3ca5a42579e7ace0890b  corporate/2.1/RPMS/glibc-i18ndata-2.2.5-16.4.C21mdk.i586.rpm
 15429acff890e04ff61c63e5a83836d5  corporate/2.1/RPMS/glibc-profile-2.2.5-16.4.C21mdk.i586.rpm
 e34f310444a8aeebcedc4f2a6c79e354  corporate/2.1/RPMS/glibc-static-devel-2.2.5-16.4.C21mdk.i586.rpm
 9d0d6658108caec33a4d546ec35c1e07  corporate/2.1/RPMS/glibc-utils-2.2.5-16.4.C21mdk.i586.rpm
 d58b0309793d0ac67df966f709e0ad07  corporate/2.1/RPMS/ldconfig-2.2.5-16.4.C21mdk.i586.rpm
 e8ccb93c65d8d0346237bf168bbf1b66  corporate/2.1/RPMS/nscd-2.2.5-16.4.C21mdk.i586.rpm
 df1c534f7b2b8a64a35f9d3450c536b8  corporate/2.1/SRPMS/glibc-2.2.5-16.4.C21mdk.src.rpm

 Corporate Server 2.1/x86_64:
 c2eae1a7e73f8ebc8e5dd3038300fb4d  x86_64/corporate/2.1/RPMS/glibc-2.2.5-28.2.C21mdk.x86_64.rpm
 1d2e9ca83e428fe8bbce0b036da9a27d  x86_64/corporate/2.1/RPMS/glibc-debug-2.2.5-28.2.C21mdk.x86_64.rpm
 23804843b092a6b312c5663afd7ff7bd  x86_64/corporate/2.1/RPMS/glibc-devel-2.2.5-28.2.C21mdk.x86_64.rpm
 1fc574b7d06650eac265d0741d30e65a  x86_64/corporate/2.1/RPMS/glibc-i18ndata-2.2.5-28.2.C21mdk.x86_64.rpm
 3b0e773f4f57ff1d50b40c7c167dac4f  x86_64/corporate/2.1/RPMS/glibc-profile-2.2.5-28.2.C21mdk.x86_64.rpm
 97096cf852834a722e5ea9834eb93452  x86_64/corporate/2.1/RPMS/glibc-static-devel-2.2.5-28.2.C21mdk.x86_64.rpm
 37c7eff91489b83d16c755286a0ed3c6  x86_64/corporate/2.1/RPMS/glibc-utils-2.2.5-28.2.C21mdk.x86_64.rpm
 c6495adb2f79fc59e7bee995163239b0  x86_64/corporate/2.1/RPMS/ldconfig-2.2.5-28.2.C21mdk.x86_64.rpm
 0d7ccd741fa5117098b14f70aec5b16e  x86_64/corporate/2.1/RPMS/nscd-2.2.5-28.2.C21mdk.x86_64.rpm
 5579905afbddfa7aebbd409672500b9b  x86_64/corporate/2.1/SRPMS/glibc-2.2.5-28.2.C21mdk.src.rpm

 Mandrake Linux 9.0:
 ad05f4c8330197f97e17fc0e25a92cd5  9.0/RPMS/glibc-2.2.5-16.4.90mdk.i586.rpm
 05a7bc63e055a995235880fe5f258875  9.0/RPMS/glibc-devel-2.2.5-16.4.90mdk.i586.rpm
 3caefcf6e6632883252140c988270ceb  9.0/RPMS/glibc-i18ndata-2.2.5-16.4.90mdk.i586.rpm
 7efbb7e9531907c5fa2b7d81b9c2fc95  9.0/RPMS/glibc-profile-2.2.5-16.4.90mdk.i586.rpm
 dfdc7f7f630c03ed478490a9d4c0e5fc  9.0/RPMS/glibc-static-devel-2.2.5-16.4.90mdk.i586.rpm
 d208fc8a88841816ab8b094bf993a743  9.0/RPMS/glibc-utils-2.2.5-16.4.90mdk.i586.rpm
 e263e2ea3b1d4e30b396c096fd5b51b0  9.0/RPMS/ldconfig-2.2.5-16.4.90mdk.i586.rpm
 0293e531e2ce1b3d07cf89a66f6efa25  9.0/RPMS/nscd-2.2.5-16.4.90mdk.i586.rpm
 180a63e3d7a4bba7e8a9ec967b5a8621  9.0/SRPMS/glibc-2.2.5-16.4.90mdk.src.rpm

 Multi Network Firewall 8.2:
 1c88e2c7ed623d90db090fefd746e2f8  mnf8.2/RPMS/glibc-2.2.4-26.4.M82mdk.i586.rpm
 eafddda3784fda7c9dabffd892940516  mnf8.2/RPMS/ldconfig-2.2.4-26.4.M82mdk.i586.rpm
 32d4267354481e77001b1fc252dc234e  mnf8.2/SRPMS/glibc-2.2.4-26.4.M82mdk.src.rpm
 _______________________________________________________________________

 To upgrade automatically use MandrakeUpdate or urpmi.  The verification
 of md5 checksums and GPG signatures is performed automatically for you.

 A list of FTP mirrors can be obtained from:

  http://www.mandrakesecure.net/en/ftp.php

 All packages are signed by MandrakeSoft for security.  You can obtain
 the GPG public key of the Mandrake Linux Security Team by executing:

  gpg --recv-keys --keyserver http://www.mandrakesecure.net 0x22458A98

 Please be aware that sometimes it takes the mirrors a few hours to
 update.

 You can view other update advisories for Mandrake Linux at:

  http://www.mandrakesecure.net/en/advisories/

 MandrakeSoft has several security-related mailing list services that
 anyone can subscribe to.  Information on these lists can be obtained by
 visiting:

  http://www.mandrakesecure.net/en/mlist.php

 If you want to report vulnerabilities, please contact

  security_linux-mandrake.com

 Type Bits/KeyID     Date       User ID
 pub  1024D/22458A98 2000-07-10 Linux Mandrake Security Team
  
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iD8DBQFAIaGDmqjQ0CJFipgRAsC+AKDq9lQaZox0arEe7b+iO12qt+H7rgCgjXhk
v4VQx5ecm/g6tIpw8YyI2t8=
=Mgh0
-----END PGP SIGNATURE-----

Linux NewsThe world is talking about GNU/Linux and Free/Open Source Software