Gentoo Archives: gentoo-announce

From: Seemant Kulleen <seemant@g.o>
To: gentoo-announce@g.o, lwn@×××.net, gentoo-user@g.o, gentoo-dev@g.o, gentoo-desktop@g.o, gentoo-newbies@g.o, gentoo-security@g.o, gentoo-sparc@g.o, gentoo-user@g.o, gentoo-user-es@g.o, gentooppc-dev@g.o, gentooppc-user@g.o
Subject: [gentoo-announce] GLSA: glibc
Date: Sat, 13 Jul 2002 16:46:04
Message-Id: 20020713144555.20a0e4c7.seemant@gentoo.org
1 - -----------------------------------------------------------------------
2 GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
3 - -----------------------------------------------------------------------
4 PACKAGE : glibc
5 SUMMARY : buffer overflow vulnerability in glibc
6 DATE : Sat Jul 13 21:36:11 UTC 2002
7 - -----------------------------------------------------------------------
8
9 OVERVIEW
10
11 The DNS resolver code in glibc may allow a remote attacker to send
12 malicious dns responses to execute arbitrary code or cause a denial of
13 service attack on affected systems.
14
15 DETAIL
16
17 Any code run by the attacker would run with the same privileges as the
18 process which calls the resolver library. Additionally, the attacker may
19 cause one of the services on the victim machine to make DNS requests to a
20 server under the attacker's control and execute more arbitrary code.
21
22 http://www.cert.org/advisories/CA-2002-19.html
23 http://bugs.gentoo.org/show_bug.cgi?id=4923
24
25
26 SOLUTION
27
28 It is recommended that all Gentoo Linux users update their systems as
29 follows.
30
31 emerge --clean rsync
32 emerge glibc
33 emerge clean
34
35 - ------------------------------------------------------------------------
36 MichaelThompson@××××××.com
37 azarah@g.o
38 seemant@g.o
39 drobbins@g.o
40 - ------------------------------------------------------------------------