Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext

[Jim Knoble <jmknoble () PINT-STOWP CX>]

What about the compatibility glibc libraries under Red Hat Linux 6.x:

  $ cat /etc/redhat-release
  Red Hat Linux release 6.2 (Zoot)
  $ rpm -qa |fgrep compat |fgrep libc
  compat-glibc-5.2-2.0.7.2
  $

Are they vulnerable?  Will a fix be released?  Do any other
distributions have such compatibility libraries?

--
jim knoble | jmknoble () jmknoble cx | http://www.jmknoble.cx/


Circa 2000-Sep-07 16:37:00 -0400 dixit bugzilla () REDHAT COM:

: ---------------------------------------------------------------------
:                    Red Hat, Inc. Security Advisory
:
: Synopsis:          glibc vulnerabilities in ld.so, locale and gettext
: Advisory ID:       RHSA-2000:057-04
: Issue date:        2000-09-01
: Updated on:        2000-09-07
: Product:           Red Hat Linux
: Keywords:          glibc ld.so locale LANG gettext LD_PRELOAD threads
: Cross references:  N/A
: ---------------------------------------------------------------------
:
: 1. Topic:
:
: Several bugs were discovered in glibc which could allow local users to
: gain root privileges.
:
: 2. Relevant releases/architectures:
:
: Red Hat Linux 5.0 - i386, alpha
: Red Hat Linux 5.1 - i386, alpha, sparc
: Red Hat Linux 5.2 - i386, alpha, sparc
 ^^^^^^^^^^^^^^^^^^^
: Red Hat Linux 6.0 - i386, alpha, sparc
: Red Hat Linux 6.1 - i386, alpha, sparc, sparcv9
: Red Hat Linux 6.2 - i386, alpha, sparc, sparcv9

  [...]

: 6. RPMs required:
  [...]
: Red Hat Linux 6.2:
  [...]
: i386:
: ftp://updates.redhat.com/6.2/i386/glibc-2.1.3-21.i386.rpm
: ftp://updates.redhat.com/6.2/i386/glibc-devel-2.1.3-21.i386.rpm
: ftp://updates.redhat.com/6.2/i386/glibc-profile-2.1.3-21.i386.rpm
: ftp://updates.redhat.com/6.2/i386/nscd-2.1.3-21.i386.rpm
:

  [Note no compat packages listed...]

: sources:
: ftp://updates.redhat.com/6.2/SRPMS/glibc-2.1.3-21.src.rpm
:
: 7. Verification: [....]