Date: Sat, 13 Jul 2002 14:45:55 -0700
From: Seemant Kulleen
To: gentoo-announce@gentoo.org, lwn@lwn.net, gentoo-user@gentoo.org, gentoo-dev@gentoo.org, gentoo-desktop@gentoo.org, gentoo-newbies@gentoo.org, gentoo-security@gentoo.org, gentoo-sparc@gentoo.org, gentoo-user@gentoo.org, gentoo-user-es@gentoo.org, gentooppc-dev@gentoo.org, gentooppc-user@gentoo.org
Subject: [gentoo-dev] GLSA: glibc

-----------------------------------------------------------------------
GLSA: GENTOO LINUX SECURITY ANNOUNCEMENT
-----------------------------------------------------------------------

PACKAGE : glibc
SUMMARY : buffer overflow vulnerability in glibc
DATE    : Sat Jul 13 21:36:11 UTC 2002

-----------------------------------------------------------------------

OVERVIEW

The DNS resolver code in glibc may allow a remote attacker to send malicious DNS responses that execute arbitrary code or cause a denial of service on affected systems.

DETAIL

Any code run by the attacker would run with the same privileges as the process that calls the resolver library. Additionally, the attacker may cause one of the services on the victim machine to make DNS requests to a server under the attacker's control and execute more arbitrary code.

http://www.cert.org/advisories/CA-2002-19.html
http://bugs.gentoo.org/show_bug.cgi?id=4923

SOLUTION

It is recommended that all Gentoo Linux users update their systems as follows.

emerge --clean rsync
emerge glibc
emerge clean

------------------------------------------------------------------------
MichaelThompson@tx.slr.com
azarah@gentoo.org
seemant@gentoo.org
drobbins@gentoo.org
------------------------------------------------------------------------