[PLUG] [dawson at FNAL.GOV: TESTING - glibc security update fix for SL5]
Keith Lofstrom
keithl at kl-ic.com
Wed Apr 13 15:49:44 UTC 2011
For those of you running RHEL5 clones (RedHat Enterprise Linux 5,
Scientific Linux 5, CentOS 5, etc.) who had to deal with the glibc
version 58 patch problem, here's a downrev patch that works.
It is Really Cool to run a distro supported by folks who are even
more responsive than The Upstream Vendor.
Keith
----- Forwarded message from Troy Dawson <dawson at FNAL.GOV> -----
Date: Tue, 12 Apr 2011 15:51:24 -0500
From: Troy Dawson <dawson at FNAL.GOV>
Subject: TESTING - glibc security update fix for SL5
Hello,
There was a bug with the latest glibc update that went out for SL5.
https://bugzilla.redhat.com/show_bug.cgi?id=693882
It causes evolution to fail, and the gnome panel to crash.
As far as we know, this bug doesn't affect any non-graphical
environment, so servers should be safe.
We have created a glibc with two changes taken out that fix the bug.
The problem is that it removes one of the security patches.
*Security Update Removed* CVE-2011-0536
The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH
and RUNPATH entries in the ELF library header. A local attacker could
use this flaw to escalate their privileges via a setuid or setgid
program using such a library.
*Security Updates Still Applied*
CVE-2011-1095, CVE-2011-1071, CVE-2010-0296
This fix is for those admins who had to downgrade their glibc due to
evolution and/or gnome-panel crashing. We feel it is better for them to
have three security patches, rather than none.
We do not plan on pushing this out; we are waiting for a fix from TUV.
To test or update
SL5
-------
yum --enablerepo=sl-testing update glibc\*
or you can download RPMs by hand at
http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/glibc/
http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/glibc/
glibc-2.5-58.el5_6.2.6.sl5
Thanks
Troy Dawson
--
__________________________________________________
Troy Dawson dawson at fnal.gov (630)840-6468
Fermilab ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
----- End forwarded message -----
--
Keith Lofstrom keithl at keithl.com Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
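
On a host running the test build, which lacks the CVE-2011-0536 fix, one way to see where `$ORIGIN` appears in RPATH or RUNPATH entries of setuid/setgid programs and shared libraries, the condition the forwarded message describes. This is an added example, not part of the original message or of any Scientific Linux tooling; it assumes binutils `readelf` and GNU `find`, and the function names, the `--scan` option and the sample `readelf -d` output are constructed for illustration.

```bash
#!/bin/bash
# Added example: report $ORIGIN in the RPATH/RUNPATH of setuid/setgid programs
# and of shared libraries. Assumes binutils (readelf) and GNU find.

# Constructed sample of `readelf -d` output, used by demo() below.
SAMPLE=' 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000000f (RPATH)    Library rpath: [/opt/app/lib:$ORIGIN/../lib]
 0x000000000000001d (RUNPATH)  Library runpath: [${ORIGIN}/plugins]'

# Read `readelf -d` output on stdin; print "TAG directory" for every
# RPATH/RUNPATH search directory that contains $ORIGIN or ${ORIGIN}.
origin_entries() {
    awk '/\((RPATH|RUNPATH)\)/ {
        tag = ($0 ~ /\(RUNPATH\)/) ? "RUNPATH" : "RPATH"
        s = $0
        sub(/^[^[]*\[/, "", s)      # drop everything up to the opening bracket
        sub(/\][^]]*$/, "", s)      # drop the closing bracket and anything after
        n = split(s, dirs, ":")
        for (i = 1; i <= n; i++)
            if (dirs[i] ~ /\$ORIGIN|\$[{]ORIGIN[}]/) print tag, dirs[i]
    }'
}

# Print "file: TAG directory" for each $ORIGIN entry in one ELF file.
check_file() {
    readelf -d "$1" 2>/dev/null | origin_entries |
    while read -r entry; do printf '%s: %s\n' "$1" "$entry"; done
}

# Scan one tree (without crossing filesystems) for setuid/setgid files
# and shared libraries, and check each of them.
audit() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 -o -name '*.so*' \) 2>/dev/null |
    while IFS= read -r f; do check_file "$f"; done
}

# Run the parser over the constructed sample.
demo() { printf '%s\n' "$SAMPLE" | origin_entries; }

# Hypothetical option: --scan DIR walks DIR (default /).
if [ "${1:-}" = "--scan" ]; then audit "${2:-/}"; fi
```

A hit on a shared library matters only if a setuid or setgid program loads that library; hits on the privileged programs themselves are the ones to review first.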