レッドハット | オープンソース・カンパニー

Account Links: RHN登録方法 | RHN登録 | RHNログイン

サポート > セキュリティー&アップデート/ERRATA

glibcパッケージのアップデート

アドバイスID:	RHSA-2003:325-10
最終更新日:	2003-11-13
影響のあるプロダクト:	Red Hat Linux 7.1 Red Hat Linux 7.2 Red Hat Linux 7.3 Red Hat Linux 8.0 Red Hat Linux 9
CVEs (cve.mitre.org):	CAN-2003-0689 CAN-2003-0859

セキュリティ・アドバイス

概要:

Updated glibc packages that resolve vulnerabilities and address several bugs
are now available.

The glibc packages contain GNU libc, which provides standard system libraries.

A bug in the getgrouplist function can cause a buffer overflow if
the size of the group list is too small to hold all the user's groups.
This overflow can cause segmentation faults in user applications, which may
have security implications, depending on the application in question. This
vulnerability exists only when an administrator has placed a user in a
number of groups larger than that expected by an application. Therefore,
there is no risk in instances where users are members of few groups. The
Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CAN-2003-0689 to this issue.

Herbert Xu reported that various applications can accept spoofed messages
sent on the kernel netlink interface by other users on the local machine.
This could lead to a local denial of service attack. In Red Hat Linux 9
and later, the glibc function getifaddrs uses netlink and could therefore
be vulnerable to this issue. The Common Vulnerabilities and Exposures
project (cve.mitre.org) has assigned the name CAN-2003-0859 to this issue.

In addition to the security issues, a number of other bugs were fixed.

Users are advised to upgrade to these erratum packages, which contain a
patch that checks that netlink messages actually came from the kernel, a
backported security patch for the getgroups list vulnerability, and patches
for the various bug fixes.

[Update 2003-11-13]: The packages for Red Hat Linux 9 have been updated
for compatibility with kernels not provided by Red Hat.

アップデート・パッケージ:

Red Hat Linux 7.1

SRPMS:
glibc-2.2.4-33.src.rpm [ via FTP ] [ via HTTP ]	`08a9d7fdb2cc277c80f5a0e1529d7774`

i386:
glibc-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`83d041d5a108d6a27d5bb7e465c62d45`
glibc-common-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`a99df9fce0cf177d42f611ca178a6717`
glibc-devel-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`9848447715453548af83418087deccd4`
glibc-profile-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`d68a6aec30cf1e7d8fb7fc1c0b95e00d`
nscd-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`bee8aa9dd31b75b099c9fc6c5bd3295f`

i686:
glibc-2.2.4-33.i686.rpm [ via FTP ] [ via HTTP ]	`5585734c0358b3ba1f952dedbd9c443f`

Red Hat Linux 7.2

SRPMS:
glibc-2.2.4-33.src.rpm [ via FTP ] [ via HTTP ]	`08a9d7fdb2cc277c80f5a0e1529d7774`

i386:
glibc-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`83d041d5a108d6a27d5bb7e465c62d45`
glibc-common-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`a99df9fce0cf177d42f611ca178a6717`
glibc-devel-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`9848447715453548af83418087deccd4`
glibc-profile-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`d68a6aec30cf1e7d8fb7fc1c0b95e00d`
nscd-2.2.4-33.i386.rpm [ via FTP ] [ via HTTP ]	`bee8aa9dd31b75b099c9fc6c5bd3295f`

i686:
glibc-2.2.4-33.i686.rpm [ via FTP ] [ via HTTP ]	`5585734c0358b3ba1f952dedbd9c443f`

ia64:
glibc-2.2.4-33.ia64.rpm [ via FTP ] [ via HTTP ]	`d0ded4d10fc72bfa3da24de5a7a078a0`
glibc-common-2.2.4-33.ia64.rpm [ via FTP ] [ via HTTP ]	`44a7683cdfd8f763ccb1405784815fe4`
glibc-devel-2.2.4-33.ia64.rpm [ via FTP ] [ via HTTP ]	`5bd01df1cfc06fed52b3dd2928cef950`
glibc-profile-2.2.4-33.ia64.rpm [ via FTP ] [ via HTTP ]	`27738cfcb12b46ee61e02950b39ed44e`
nscd-2.2.4-33.ia64.rpm [ via FTP ] [ via HTTP ]	`a0aad5ab63319615dac47dde5b5d9e16`

Red Hat Linux 7.3

SRPMS:
glibc-2.2.5-44.src.rpm [ via FTP ] [ via HTTP ]	`8a161087ca8a0262fd1cdec70a0486a6`

i386:
glibc-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`eb0107c7a3187b0c782314bf3cf38771`
glibc-common-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`a22c95134d40d601ba1ee4dd69cb8372`
glibc-debug-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`46ed43e8ce6108be6dc628dc14093df5`
glibc-debug-static-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`7945db62704b881f661b6972420564c1`
glibc-devel-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`128c022a95b405e9628711f65e9bdf0b`
glibc-profile-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`241a34a7487d9ff11bea274a11812f73`
glibc-utils-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`1ba6bb800c87ed6eb497862da2e5d428`
nscd-2.2.5-44.i386.rpm [ via FTP ] [ via HTTP ]	`3a465a1bbb95463cc837f1a3e7a20dbd`

i686:
glibc-2.2.5-44.i686.rpm [ via FTP ] [ via HTTP ]	`6c915957618eb229d17f1db2f0684f0f`
glibc-debug-2.2.5-44.i686.rpm [ via FTP ] [ via HTTP ]	`82fe179cf917a3b012bdb1b2c50d6e7d`

Red Hat Linux 8.0

SRPMS:
glibc-2.3.2-4.80.8.src.rpm [ via FTP ] [ via HTTP ]	`d6c96dff6893d449a57439ec3b362ded`

i386:
glibc-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`8058c50430bca5ee527c3521b8cd5019`
glibc-common-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`62019c1ecff44880be70871a9b52c4bc`
glibc-debug-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`854a98301d8b8000c752a25d70b6634b`
glibc-debug-static-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`44eb3be20de572a08370182cb5ee82d9`
glibc-devel-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`4b091e271eac8c15ff68112b8b74b597`
glibc-profile-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`1bf2647c6eadf4ca934f9a8e6ab5c8d4`
glibc-utils-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`abfc2b5f8ee84966f136a6d703fb104d`
nscd-2.3.2-4.80.8.i386.rpm [ via FTP ] [ via HTTP ]	`0c890751f548c460207e2514ca61b3ca`

i686:
glibc-2.3.2-4.80.8.i686.rpm [ via FTP ] [ via HTTP ]	`44d62332cb2494a62ad95473237b5ad4`
glibc-debug-2.3.2-4.80.8.i686.rpm [ via FTP ] [ via HTTP ]	`1a74ed2bd5bc54a33f21543a59805235`

Red Hat Linux 9

SRPMS:
glibc-2.3.2-27.9.7.src.rpm [ via FTP ] [ via HTTP ]	`b0835a2d24994b0ec50b73f10e91c839`

i386:
glibc-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`8e9e1bd574b10b6a55ee627973a46c7d`
glibc-common-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`9a369a25585261ac590e4e02cde90d49`
glibc-debug-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`54c566f6dbf63e8efd8d48fcd845f48d`
glibc-devel-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`83e103623d0b9e05937edc775094ad68`
glibc-profile-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`7e6d0c5f8586a2605ed38d8ceb768973`
glibc-utils-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`14f1b45918fc14abd744776c6cc8c9ce`
nscd-2.3.2-27.9.7.i386.rpm [ via FTP ] [ via HTTP ]	`920d4bfedfb843818a38dcdfc491c6ef`

i686:
glibc-2.3.2-27.9.7.i686.rpm [ via FTP ] [ via HTTP ]	`b1311b31b1e2f349aaef5bba91be3caa`
nptl-devel-2.3.2-27.9.7.i686.rpm [ via FTP ] [ via HTTP ]	`2d7819fa0bd582e4746e9b8ddbbceecf`

解決法:

このアップデートを適用する前に、システムに関連するリリース済の errata が適用済であることをご確認ください。
それぞれのアーキテクチャで全てのRPMをアップデートするには、以下のコマンドを実行してください：

rpm -Fvh [filename]

[filename] は、アップデートしたいRPMのファイル名です。現在インストールされているパッケージのみ、アップグレードされます。現在いるディレクトリにインストールしたいRPM *しか* 無い場合には、ワイルドカード (*.rpm) も使うことができます。
このアップデートは、Red Hat Network 経由でも行なえます。アップデートを適用する非常に簡便な方法です。Red hat Network をご利用になるには、以下のコマンドで、アップデートエージェントを起動してください。

up2date

このコマンドで、システムに適切なRPMをアップグレードする対話形式のプロセスを起動します。

バグジラ: (詳細は、こちらbugzilla[英語]を御覧ください。)

101261 - getnameinfo fails to to reverse lookup on IPv6 addresses
101691 - CAN-2003-0689 Buffer overrun in getgrouplist function in initgroups.c
102709 - NPTL pthread_cond_broadcast hangs.
103727 - LD_PROFILE=libc.so.6 and sprof give seg fault
105348 - Closing socket breaks the cancellation type of current thread
107846 - locale utility is broken on big-endian 64-bit platforms
108634 - Signal handler installation races with signal, glibc-2.3.2
109904 - problems after [RHSA-2003:325-01] glibc upgrades
109918 - executable code in .data in ld.so renders system unusable for PaX users
54697 - nscd locks immediately if started with -t 1 and nss_ldap is used
83973 - Wrong sort order for uk_UA locale
85994 - SIGSEGV in malloc: __morecore clobbered by perror conflict with _IO_check_libio
86032 - trailing spaces in /etc/ld.so.conf entries are not ignored
88409 - strxfrm() overruns buffer by indexing with uninitialized value
88456 - glibc-2.3.2-27.9.i686.rpm does not rpm -Fvh properly.
88978 - locale ja_JP.UTF-8 has two undefined bytes [buffer overrun]
89448 - getaddrinfo segv - unitialized structure?
90002 - binary compatibility for '_res' broken in glibc 2.3.x
90036 - race/deadlock in fork() with signal handler.
90077 - fopen@GLIBC_2_0 corrupts memory arena by buffer overrun
90301 - Programs fail at exit if compiled with gcc and cxa_atexit
90987 - sprintf() is limited to 2^26 bytes.
91567 - setegid sets saved gid
97814 - "Incorrectly built binary which accesses errno..." message in elf/rtld.c needs some way to be silenced.
97828 - Sudo returns segmentation fault
98966 - ldconfig automatically prepends /usr/lib and /lib to search order

参照:

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0689
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0859

キーワード:

getgrouplist, netlink

ここに在るパッケージはセキュリティの為、 Red Hat, Inc. によって、 GPG 認証されています。キーは以下から利用可能になっています:
http://www.redhat.com/about/contact.html

各パッケージを確認するには次のコマンドをご利用ください: rpm --checksig filename
各パッケージが壊れていないか、もしくは改ざんされていないかを確認するには、以下のコマンドで MD5 チェックサムをお調べください: rpm --checksig --nogpg filename
注意: GnuPG キーをチェックするためには、RPM 3.0 以上が必要です。

メインリンク:

Links for this section: