-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- - ---------------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200311-05
- - ---------------------------------------------------------------------------

GLSA: 200311-05
package: sys-libs/glibc
summary: Glibc getgrouplist buffer overrun vulnerability
severity: normal
Gentoo bug: 33383
date: 2003-11-22
CVE: CAN-2003-0689
affected: <=2.2.4
fixed: >=2.2.5

DESCRIPTION:

A bug in the getgrouplist function can cause a buffer overflow if the size of
the group list is too small to hold all the user's groups. This overflow can
cause segmentation faults in user applications. This vulnerability exists
only when an administrator has placed a user in a number of groups larger
than that expected by an application.

SOLUTION:

It is recommended that all Gentoo Linux users update their systems as
follows:

    emerge sync
    emerge '>=sys-libs/glibc-2.2.5'
    emerge clean

- --
Andrea Barisani <lcars@g.o>                             .*.
Gentoo Linux Infrastructure Developer                    V
                                                        ( )
GPG-Key 0xC9EE0905 http://dev.gentoo.org/~lcars/pubkey.asc   ( )
        491D E9E0 3875 0EC9 10DD  150B CAA9 2C7D C9EE 0905    ^^_^^

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQE/wi7zyqksfcnuCQURAvuSAJ97zIRL9qlicQB6HYG2jjoQ1Y4SLwCaAg8w
jqF5Mni+HSg5NhrUOnmOQek=
=MDV8
-----END PGP SIGNATURE-----
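
Added example, not part of the advisory or of glibc: the calling pattern that keeps an application correct when a user belongs to more groups than it guessed, as in the DESCRIPTION above. The names collect_groups, fake_lookup and FAKE_MEMBERSHIPS are hypothetical, and the 40-group user is constructed so the retry path runs offline.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <stdlib.h>
#include <sys/types.h>

/* Same contract as getgrouplist(3): on entry *n is the capacity of out[];
 * on return *n is the number of groups found; -1 means they did not fit. */
typedef int (*group_lookup_fn)(const char *user, gid_t gid, gid_t *out, int *n);

/* Constructed stand-in for a user an administrator placed in 40 groups. */
#define FAKE_MEMBERSHIPS 40
static int fake_lookup(const char *user, gid_t gid, gid_t *out, int *n)
{
    (void)user;
    int cap = *n;
    for (int i = 0; i < FAKE_MEMBERSHIPS && i < cap; i++)
        out[i] = gid + (gid_t)i;      /* never writes past the capacity */
    *n = FAKE_MEMBERSHIPS;
    return cap < FAKE_MEMBERSHIPS ? -1 : FAKE_MEMBERSHIPS;
}

/* Returns a malloc'd list sized by the lookup itself, or NULL on failure.
 * `guess` is only a starting capacity; it is never treated as a maximum. */
static gid_t *collect_groups(group_lookup_fn lookup, const char *user,
                             gid_t gid, int guess, int *count)
{
    int cap = guess > 0 ? guess : 1;
    for (int attempt = 0; attempt < 4; attempt++) {
        gid_t *list = calloc((size_t)cap, sizeof *list);
        if (list == NULL)
            return NULL;
        int n = cap;
        if (lookup(user, gid, list, &n) != -1 && n <= cap) {
            *count = n;
            return list;
        }
        free(list);
        if (n <= cap)
            return NULL;              /* failure without a larger size */
        cap = n;                      /* retry with the size reported */
    }
    return NULL;                      /* membership kept growing; give up */
}

int main(void)
{
    int n = 0, m = 0;
    gid_t *fake = collect_groups(fake_lookup, "alice", 1000, 4, &n);
    gid_t *real = collect_groups(getgrouplist, "root", 0, 1, &m);
    int ok = fake != NULL && n == FAKE_MEMBERSHIPS && real != NULL && m >= 1;
    free(fake);
    free(real);
    return ok ? 0 : 1;
}
```

Applications that pass getgrouplist a fixed-size array and ignore the -1 return depend entirely on the library honouring the capacity, which is the condition this advisory addresses.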