Ispravljen nedostatak paketa glibc

U radu programskog paketa glibc uočen je novi sigurnosni propust. Udaljeni zloćudni korisnik ga može iskoristiti za izmjenu proizvoljnih podataka.

Paket:	glibc 2.x
Operacijski sustavi:	Fedora 16
Problem:	pogreška u programskoj komponenti
Iskorištavanje:	udaljeno
Posljedica:	izmjena podataka
Rješenje:	programska zakrpa proizvođača
Izvorni ID preporuke:	FEDORA-2011-17386
Izvor:	Fedora

Problem:
Sigurnosni propust je posljedica pogreške u programskoj komponenti "python".
Posljedica:
Udaljeni napadač navedeni propust može iskoristiti za izmjenu podataka.
Rješenje:
Svim se korisnicima navedenog programskog paketa savjetuje njegova nadogradnja na novije inačice.

Izvorni tekst preporuke

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2011-17386
2011-12-23 03:10:16
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 16
Version     : 2.14.90
Release     : 24.fc16.4
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

Reverts 552960 patch which is causing a variety of problems.
* Sun Dec 18 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-24.fc16.3
  - Check values from TZ file header (#767696)
  - Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
  - Add {dist}.#
  - Correct return value from pthread_create when stack alloction fails.
    (#767746)

* Wed Dec 7 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-23
  - Fix a wrong constant in powerpc hypot implementation (#750811)
    #13534 in python bug database
    #13472 in glibc bug database
  - Truncate time values in Linux futimes when falling back to utime

* Mon Dec 5 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-22
  - Mark fortified __FD_ELT as extension (#761021)
  - Fix typo in manual (#708455)

  - Check values from TZ file header (#767696)
  - Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
  - Add {dist}.#
  - Correct return value from pthread_create when stack alloction fails.
    (#767746)

  - Fix a wrong constant in powerpc hypot implementation (#750811)
    #13534 in python bug database
    #13472 in glibc bug database
  - Truncate time values in Linux futimes when falling back to utime

  - Mark fortified __FD_ELT as extension (#761021)
  - Fix typo in manual (#708455)

--------------------------------------------------------------------------------
ChangeLog:

* Thu Dec 22 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-24.fc16.4
- Revert change for 552960, it's causing multiple problems.
* Sun Dec 18 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-24.fc16.3
- Check values from TZ file header (#767696)
  - Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
  - Add {dist}.#
  - Correct return value from pthread_create when stack alloction fails.
    (#767746)
* Wed Dec  7 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-23
- Fix a wrong constant in powerpc hypot implementation (#750811)
          - Truncate time values in Linux futimes when falling back to utime
* Mon Dec  5 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-22
- Mark fortified __FD_ELT as extension (#761021)
  - Fix typo in manual (#708455)
* Wed Nov 30 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-21
- Don't fail in makedb if SELinux is disabled (#750858)
  - Fix access after end of search string in regex matcher (#757887)
* Mon Nov 28 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-20
- Drop lock before calling malloc_printerr (#757881)
* Fri Nov 18 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-19
- Check malloc arena atomically  (BZ#13071)
  - Don't call reused_arena when _int_new_arena failed (#753601)
* Wed Nov 16 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-18
- Fix grouping and reuse other locales in various locales (BZ#13147)
* Tue Nov 15 2011 Jeff Law <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> - 2.14.90-17
Revert bogus commits/rebasing of Nov 14, Nov 11 and Nov 8.  Sources
  should be equivalent to Fedora 16's initial release.
* Wed Oct 26 2011 Fedora Release Engineering <Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.> -
2.14.90-15
- Rebuilt for glibc bug#747377
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #750811 - python fails self checks on ppc (test_cmath)
        https://bugzilla.redhat.com/show_bug.cgi?id=750811
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
Ova e-mail adresa je zaštićena od spambota. Potrebno je omogućiti JavaScript da je vidite.
https://admin.fedoraproject.org/mailman/listinfo/package-announce

Ispravljen nedostatak paketa glibc

Tražilica portala

Aktivnosti

O CIS-u

Posljednje vijesti

Posljednji dokumenti

Ispravljen nedostatak paketa glibc

Tražilica portala

Aktivnosti

O CIS-u

Posljednje sigurnosne preporuke

Posljednje vijesti

Popularni članci

Posljednji dokumenti