Security update for GNU libc (glibc)

Knowledgebase

(Last modified: 29AUG2002)

solutions Security update for GNU libc (glibc) SuSE Linux Maintenance Web (80f4aaba87226a4f5388bd6ab5186f65)

Applies to

Product(s): SuSE Linux Admin-CD for Firewall
SuSE Linux Enterprise Server 7 for IBM zSeries
SuSE eMail Server III
SuSE Linux Enterprise Server 7 for PowerPC
SuSE Linux Enterprise Server 7 for IA32
SuSE Linux Enterprise Server 7 for IA64
SuSE Linux Enterprise Server 7 for S/390 and zSeries
SuSE eMail Server 3.1
SuSE Linux Office Server
SuSE Firewall Adminhost VPN
SuSE Linux Connectivity Server

Package: glibc
glibc-devel
Release: 20020829
Obsoletes: 5d046d5587937c1b994ed260f3f0d1ed

Indications

This update should be installed on all systems.

Contraindications

None.

Problem description

This update fixes a buffer overflow in the RPC code of the glibc libraries. The code responsible for the xdr_array filter primitive can be overflowed in programs using the XDR functions by malicious servers that can send XDR packets to the client. The extent of the problem is limited if the systems in question operate in a properly protected network, but only the update represents a permananent solution for the vulnerability.

Solution

Please install the updates provided at the location noted below.

Installation notes

Note This is an update of the central shared libraries of your system. As such, the update is critical with relation to stability. The update process must not be interrupted, and you should keep your system as quiet as possible. In particular, make sure that no shell scripts are running. Processes can crash if they execute a binary program while the RPM update in in process.
If you run the update manually, you can install them onto the running system with
rpm -Fhv glibc.rpm glibc-devel.rpm
Note Please run the command "ldconfig" after successful manual installation of the RPM update packages.
Also note that if you haven't installed the previous glibc patch as described in article "Recommended update for GlibC " (http://sdb.suse.de/en/psdb/html/5d046d5587937c1b994ed260f3f0d1ed.html) you'll additionally have to install the packages rpm and timezone from that patch.

links to download packages

Download Source Packages

Download the source code of the patches for maintained products.

Disclaimer

The Origin of this information may be internal or external to Novell. Novell makes all reasonable efforts to verify this information. However, the information provided in this document is for your information only. Novell makes no explicit or implied claims to the validity of this information.

Any trademarks referenced in this document are the property of their respective owners. Consult your product manuals for complete trademark information.