Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext

From: Roman Drahtmueller <draht () SUSE DE>
Date: Sat, 9 Sep 2000 02:48:11 +0200
What about the compatibility glibc libraries under Red Hat Linux 6.x:

  $ cat /etc/redhat-release
  Red Hat Linux release 6.2 (Zoot)
  $ rpm -qa |fgrep compat |fgrep libc
  compat-glibc-5.2-2.0.7.2
  $

Are they vulnerable?  Will a fix be released?  Do any other
distributions have such compatibility libraries?


SuSE distributions after (including) Version 6.0 came with libc-5.4.4? for
optional backward compatibility if binaries from older Linux distributions
need the good old libc5. As of today, libc5 is not known to be affected by
the recently discovered locale-related bugs.

SuSE distributions come with binaries linked only against _one_ single
libc/glibc version. (.1.)

***
Compatibility libraries between glibc-2.0 and glibc-2.1 based versions of
SuSE are not provided for stability reasons.
***

SuSE-5.3 came with a package named `shlibs6' (in series a1) to enable the
execution of glibc-2.0-linked programs. This library may be affected by
the recently discovered errors, whereas SuSE-5.3 packages do not depend on
this library, though, as stated in (.1.). Please remove the package using
the command 'rpm -e shlibs6' if you do not need it. There is no update
package for shlibs6 in SuSE-5.3, support for shlibs6/SuSE-5.3 has been
discontinued for stability reasons.


brief overview:

SuSE    Kernel          libc                    optional (not
version version         version                 required) libraries
---------------------------------------------------------------------
5.3     2.0             libc-5.4 (glibc-1)      libc-6.0 (glibc-2.0)
6.0     2.0             libc-6.0 (glibc-2.0)    libc-5.4 (glibc-1)
6.1     2.2             libc-6.0 (glibc-2.0)    libc-5.4 (glibc-1)
6.2     2.2             libc-6.1 (glibc-2.1)    libc-5.4 (glibc-1)
6.3      %                      %                       %
6.4      %                      %                       %
7.0      %                      %                       %


Thanks,
Roman.
--
 -                                                                      -
| Roman Drahtmüller      <draht () suse de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -
Previous By Date Next
Previous By Thread Next

Current thread: