Mandriva Linux Security Advisory 2011-178 - Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library, including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object in a subdirectory of the current working directory during execution of a setgid program that has in RUNPATH. Various other issues have also been addressed. The updated packages have been patched to correct these issues.
ade7f27c2b90a4568194c6f6e9c260f93617d30578dfd177141648cd58e91d11
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______________________________________________________________________
Mandriva Linux Security Advisory MDVSA-2011:178
http://www.mandriva.com/security/
_______________________________________________________________________
Package : glibc
Date : November 25, 2011
Affected: 2010.1, Enterprise Server 5.0
_______________________________________________________________________
Problem Description:
Multiple vulnerabilities was discovered and fixed in glibc:
Multiple untrusted search path vulnerabilities in elf/dl-object.c in
certain modified versions of the GNU C Library (aka glibc or libc6),
including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat
Enterprise Linux, allow local users to gain privileges via a crafted
dynamic shared object (DSO) in a subdirectory of the current working
directory during execution of a (1) setuid or (2) setgid program that
has in (a) RPATH or (b) RUNPATH. NOTE: this issue exists because
of an incorrect fix for CVE-2010-3847 (CVE-2011-0536).
The GNU C Library (aka glibc or libc6) before 2.12.2 and Embedded GLIBC
(EGLIBC) allow context-dependent attackers to execute arbitrary code
or cause a denial of service (memory consumption) via a long UTF8
string that is used in an fnmatch call, aka a stack extension attack,
a related issue to CVE-2010-2898, as originally reported for use of
this library by Google Chrome (CVE-2011-1071).
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users
to trigger corruption of this file, as demonstrated by writes from
a process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).
locale/programs/locale.c in locale in the GNU C Library (aka glibc
or libc6) before 2.13 does not quote its output, which might allow
local users to gain privileges via a crafted localization environment
variable, in conjunction with a program that executes a script that
uses the eval function (CVE-2011-1095).
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).
crypt_blowfish before 1.1, as used in glibc on certain platforms,
does not properly handle 8-bit characters, which makes it easier
for context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).
The updated packages have been patched to correct these issues.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0536
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1071
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1659
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2483
_______________________________________________________________________
Updated Packages:
Mandriva Linux 2010.1:
4af7f6efb12c5be3ad435a6d9865be57 2010.1/i586/glibc-2.11.1-8.3mnb2.i586.rpm
82f97e43fc7ab7ee2fbfc92d9ed844f0 2010.1/i586/glibc-devel-2.11.1-8.3mnb2.i586.rpm
013f4da3b270a6860e9ae171b456a488 2010.1/i586/glibc-doc-2.11.1-8.3mnb2.i586.rpm
65da2025a253885a3a3e0699eb407a61 2010.1/i586/glibc-doc-pdf-2.11.1-8.3mnb2.i586.rpm
e5b6f256bad2b8afa7674e2f4d3c80bc 2010.1/i586/glibc-i18ndata-2.11.1-8.3mnb2.i586.rpm
319ecf5d08bc0e0aab9b0cf3e5cf6a6e 2010.1/i586/glibc-profile-2.11.1-8.3mnb2.i586.rpm
99c144bfc7581d9f3b885c7a630c89ce 2010.1/i586/glibc-static-devel-2.11.1-8.3mnb2.i586.rpm
966e023400d62e841942b69bae4d06de 2010.1/i586/glibc-utils-2.11.1-8.3mnb2.i586.rpm
577f1f88b14add8ea8753b17d730cb8a 2010.1/i586/nscd-2.11.1-8.3mnb2.i586.rpm
2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm
Mandriva Linux 2010.1/X86_64:
05e4da86aea47726b27c00e3f26e3445 2010.1/x86_64/glibc-2.11.1-8.3mnb2.x86_64.rpm
d3689fe0a7ae8e4c0e309b34c82cabfd 2010.1/x86_64/glibc-devel-2.11.1-8.3mnb2.x86_64.rpm
b8be4de2a9c6a8e3effe06234429a227 2010.1/x86_64/glibc-doc-2.11.1-8.3mnb2.x86_64.rpm
1ac19950a67c4ee965b0ae9d2d6a0396 2010.1/x86_64/glibc-doc-pdf-2.11.1-8.3mnb2.x86_64.rpm
54031c917cb54a5abc42ebaf30dfe894 2010.1/x86_64/glibc-i18ndata-2.11.1-8.3mnb2.x86_64.rpm
18c2a1354df2094a7508b1990420ab5b 2010.1/x86_64/glibc-profile-2.11.1-8.3mnb2.x86_64.rpm
f8cef0d317c3ccbb5446672a1cf00ad6 2010.1/x86_64/glibc-static-devel-2.11.1-8.3mnb2.x86_64.rpm
78b27e0739627abebc7c43fbf82e107b 2010.1/x86_64/glibc-utils-2.11.1-8.3mnb2.x86_64.rpm
e37194682e8ef10c21a8d8483e76b3f4 2010.1/x86_64/nscd-2.11.1-8.3mnb2.x86_64.rpm
2e1bffb07071cb21ef6363c21588f4b7 2010.1/SRPMS/glibc-2.11.1-8.3mnb2.src.rpm
Mandriva Enterprise Server 5:
73cffaaa03648c9eb01ed50b5fdd0cee mes5/i586/glibc-2.8-1.20080520.5.8mnb2.i586.rpm
5e9ec7d6e3f319b5076dd51506d47032 mes5/i586/glibc-devel-2.8-1.20080520.5.8mnb2.i586.rpm
c80b37f1a750968735f8ce51c920e84e mes5/i586/glibc-doc-2.8-1.20080520.5.8mnb2.i586.rpm
7de1f541c2bf6e17a4f3007cad517140 mes5/i586/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.i586.rpm
27a365665846989b629b0cb3fb15acfd mes5/i586/glibc-i18ndata-2.8-1.20080520.5.8mnb2.i586.rpm
3f2f68a0bc47bace3586919671c7f1b4 mes5/i586/glibc-profile-2.8-1.20080520.5.8mnb2.i586.rpm
17019cf79cf3864c537e12aefd48a23d mes5/i586/glibc-static-devel-2.8-1.20080520.5.8mnb2.i586.rpm
7ad8f634ee4e0c5fc0f340dcfebcf0fb mes5/i586/glibc-utils-2.8-1.20080520.5.8mnb2.i586.rpm
53a5dc175995723322a13a7e3bbd6c41 mes5/i586/nscd-2.8-1.20080520.5.8mnb2.i586.rpm
6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm
Mandriva Enterprise Server 5/X86_64:
33f73ece95aa39c59e0370449f13d3af mes5/x86_64/glibc-2.8-1.20080520.5.8mnb2.x86_64.rpm
626f8e4774270e50c5e9bf2bc7dfa64c mes5/x86_64/glibc-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
c9d59258ac0fc0463c585405bb46327a mes5/x86_64/glibc-doc-2.8-1.20080520.5.8mnb2.x86_64.rpm
f81b494a1d394c48921c99983288c538 mes5/x86_64/glibc-doc-pdf-2.8-1.20080520.5.8mnb2.x86_64.rpm
1c972a49ecbfc91d0a156dd743894c14 mes5/x86_64/glibc-i18ndata-2.8-1.20080520.5.8mnb2.x86_64.rpm
45aa431a8a9920d188698ae64fe5466d mes5/x86_64/glibc-profile-2.8-1.20080520.5.8mnb2.x86_64.rpm
ecf5dca4c8bc49c1e3ebeb2a698b38a3 mes5/x86_64/glibc-static-devel-2.8-1.20080520.5.8mnb2.x86_64.rpm
8de7d2dfa8ea598aac75faf24f606f13 mes5/x86_64/glibc-utils-2.8-1.20080520.5.8mnb2.x86_64.rpm
7615c6e96903c8c146d5ae2d2912c6ee mes5/x86_64/nscd-2.8-1.20080520.5.8mnb2.x86_64.rpm
6fcd77d9eac9fa71f91dcb1218afd628 mes5/SRPMS/glibc-2.8-1.20080520.5.8mnb2.src.rpm
_______________________________________________________________________
To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:
gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98
You can view other update advisories for Mandriva Linux at:
http://www.mandriva.com/security/advisories
If you want to report vulnerabilities, please contact
security_(at)_mandriva.com
_______________________________________________________________________
Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
<security*mandriva.com>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
iD8DBQFOz9t8mqjQ0CJFipgRApgMAKDCqECazAj1XIHHxrkgU20PDJYFkgCgwVPy
TvvKkY3VN0Zc9M0LYEgkNUg=
=P3KM
-----END PGP SIGNATURE-----