[PLUG] [dawson at FNAL.GOV: TESTING - glibc security update fix for SL5]

Keith Lofstrom keithl at kl-ic.com
Wed Apr 13 15:49:44 UTC 2011


For those of you running RHEL5 clones (Red Hat Enterprise Linux 5,
Scientific Linux 5, CentOS 5, etc.) who had to deal with the glibc
version 58 patch problem, here's a downrev patch that works.

It is Really Cool to run a distro supported by folks who are even
more responsive than The Upstream Vendor.

Keith

----- Forwarded message from Troy Dawson <dawson at FNAL.GOV> -----

Date:    Tue, 12 Apr 2011 15:51:24 -0500
From:    Troy Dawson <dawson at FNAL.GOV>
Subject: TESTING - glibc security update fix for SL5

Hello,
There was a bug with the latest glibc update that went out for SL5.
https://bugzilla.redhat.com/show_bug.cgi?id=693882
It causes evolution to fail, and the gnome panel to crash.

As far as we know, this bug doesn't affect any non-graphical 
environment, so servers should be safe.

We have created a glibc with two changes taken out that fix the bug. 
The problem is that it removes one of the security patches.

*Security Update Removed* CVE-2011-0536
The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH 
and RUNPATH entries in the ELF library header. A local attacker could 
use this flaw to escalate their privileges via a setuid or setgid 
program using such a library.

*Security Updates Still Applied*
CVE-2011-1095, CVE-2011-1071, CVE-2010-0296

This fix is for those admins who had to downgrade their glibc due to 
evolution and/or gnome-panel crashing.  We feel it is better for them to 
have three security patches, rather than none.

We do not plan on pushing this out; we are waiting for a fix from TUV.

To test or update

SL5
-------

            yum --enablerepo=sl-testing update glibc\*

or you can download RPMs by hand at

http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/glibc/
http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/glibc/

glibc-2.5-58.el5_6.2.6.sl5

Thanks
Troy Dawson
--
__________________________________________________
Troy Dawson  dawson at fnal.gov  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________

----- End forwarded message -----

-- 
Keith Lofstrom          keithl at keithl.com         Voice (503)-520-1993
KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
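
An added example, not part of the forwarded announcement or of Scientific Linux's tooling: because the test package leaves out the CVE-2011-0536 fix, an admin who installs it can inventory the setuid/setgid programs and shared libraries whose RPATH or RUNPATH uses $ORIGIN. It assumes GNU find and binutils readelf; the function names and the sample input are made up here.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are invented here.
# Assumes GNU find and binutils readelf.

# Constructed sample of `readelf -d` output, not taken from a real system.
SAMPLE=' 0x0000000000000001 (NEEDED)   Shared library: [libc.so.6]
 0x000000000000000f (RPATH)    Library rpath: [$ORIGIN/../lib]
 0x000000000000001d (RUNPATH)  Library runpath: [/opt/app/lib]'

# stdin: `readelf -d` output. stdout: RPATH/RUNPATH values that use $ORIGIN.
# Exit status is non-zero when there are none.
origin_paths() {
    sed -n -e 's/.*(RPATH).*\[\(.*\)].*/\1/p' \
           -e 's/.*(RUNPATH).*\[\(.*\)].*/\1/p' |
        grep -F -e '$ORIGIN' -e '${ORIGIN}'
}

# stdin: one file path per line. stdout: "path<TAB>search path" per hit.
scan_files() {
    while IFS= read -r f; do
        paths=$(readelf -d "$f" 2>/dev/null | origin_paths) || continue
        printf '%s\n' "$paths" | while IFS= read -r p; do
            printf '%s\t%s\n' "$f" "$p"
        done
    done
}

# Walk the given directories: first setuid/setgid programs, then shared
# libraries, since the flaw is reached through a library such a program loads.
audit() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null | scan_files
    find "$@" -xdev -type f -name '*.so*' 2>/dev/null | scan_files
}

# Run only when directories are given, e.g.: sh audit.sh /bin /usr /lib /lib64
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

Run it as root so that files readelf cannot open are not silently skipped.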


