
Re: [SECURITY] [DSA 149-2] New glibc packages fix



Hello. Is there a patch available to apply to version 2.2.5-14.3, or will an upgraded package be available in unstable soon for the following?

Wolfram Gloger discovered that the bugfix from DSA 149-1 unintentionally
replaced potential integer overflows in connection with malloc() with
more likely divisions by zero.  This called for an update.  For
completeness the original security advisory said:

 An integer overflow bug has been discovered in the RPC library used
 by GNU libc, which is derived from the SunRPC library.  This bug
 could be exploited to gain unauthorized root access to software
 linking to this code.  The packages below also fix integer overflows
 in the malloc code.

Thanks for any input.

Steve



