
Bug#568488: marked as done (eglibc: house of mind attack)



Your message dated Mon, 08 Feb 2010 09:38:50 +0000
with message-id <E1NeQ4w-0000sL-NG@ries.debian.org>
and subject line Bug#568488: fixed in eglibc 2.11-0exp4
has caused the Debian Bug report #568488,
regarding eglibc: house of mind attack
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
568488: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=568488
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
package: eglibc
severity: important
tags: security

Hi, it has been disclosed that glibc < 2.11 is vulnerable to a house
of mind attack [0].  I have checked that 2.10 in unstable contains the
vulnerable code.

mike

[0] http://em386.blogspot.com/2010/01/glibc-211-stops-house-of-mind.html



--- End Message ---
--- Begin Message ---
Source: eglibc
Source-Version: 2.11-0exp4

We believe that the bug you reported is fixed in the latest version of
eglibc, which is due to be installed in the Debian FTP archive:

eglibc-source_2.11-0exp4_all.deb
  to main/e/eglibc/eglibc-source_2.11-0exp4_all.deb
eglibc_2.11-0exp4.diff.gz
  to main/e/eglibc/eglibc_2.11-0exp4.diff.gz
eglibc_2.11-0exp4.dsc
  to main/e/eglibc/eglibc_2.11-0exp4.dsc
glibc-doc_2.11-0exp4_all.deb
  to main/e/eglibc/glibc-doc_2.11-0exp4_all.deb
libc-bin_2.11-0exp4_armel.deb
  to main/e/eglibc/libc-bin_2.11-0exp4_armel.deb
libc-dev-bin_2.11-0exp4_armel.deb
  to main/e/eglibc/libc-dev-bin_2.11-0exp4_armel.deb
libc6-dbg_2.11-0exp4_armel.deb
  to main/e/eglibc/libc6-dbg_2.11-0exp4_armel.deb
libc6-dev_2.11-0exp4_armel.deb
  to main/e/eglibc/libc6-dev_2.11-0exp4_armel.deb
libc6-pic_2.11-0exp4_armel.deb
  to main/e/eglibc/libc6-pic_2.11-0exp4_armel.deb
libc6-prof_2.11-0exp4_armel.deb
  to main/e/eglibc/libc6-prof_2.11-0exp4_armel.deb
libc6-udeb_2.11-0exp4_armel.udeb
  to main/e/eglibc/libc6-udeb_2.11-0exp4_armel.udeb
libc6_2.11-0exp4_armel.deb
  to main/e/eglibc/libc6_2.11-0exp4_armel.deb
libnss-dns-udeb_2.11-0exp4_armel.udeb
  to main/e/eglibc/libnss-dns-udeb_2.11-0exp4_armel.udeb
libnss-files-udeb_2.11-0exp4_armel.udeb
  to main/e/eglibc/libnss-files-udeb_2.11-0exp4_armel.udeb
locales-all_2.11-0exp4_armel.deb
  to main/e/eglibc/locales-all_2.11-0exp4_armel.deb
locales_2.11-0exp4_all.deb
  to main/e/eglibc/locales_2.11-0exp4_all.deb
nscd_2.11-0exp4_armel.deb
  to main/e/eglibc/nscd_2.11-0exp4_armel.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 568488@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Aurelien Jarno <aurel32@debian.org> (supplier of updated eglibc package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 07 Feb 2010 17:58:42 +0100
Source: eglibc
Binary: libc-bin libc-dev-bin glibc-doc eglibc-source locales locales-all nscd libc6 libc6-dev libc6-dbg libc6-prof libc6-pic libc6-udeb libc6.1 libc6.1-dev libc6.1-dbg libc6.1-prof libc6.1-pic libc6.1-udeb libc0.3 libc0.3-dev libc0.3-dbg libc0.3-prof libc0.3-pic libc0.3-udeb libc0.1 libc0.1-dev libc0.1-dbg libc0.1-prof libc0.1-pic libc0.1-udeb libc6-i386 libc6-dev-i386 libc6-sparc64 libc6-dev-sparc64 libc6-s390x libc6-dev-s390x libc6-amd64 libc6-dev-amd64 libc6-powerpc libc6-dev-powerpc libc6-ppc64 libc6-dev-ppc64 libc6-mipsn32 libc6-dev-mipsn32 libc6-mips64 libc6-dev-mips64 libc0.1-i386 libc0.1-dev-i386 libc6-sparcv9b libc6-i686 libc6-xen libc0.1-i686 libc6.1-alphaev67 libnss-dns-udeb libnss-files-udeb
Architecture: source all armel
Version: 2.11-0exp4
Distribution: experimental
Urgency: low
Maintainer: GNU Libc Maintainers <debian-glibc@lists.debian.org>
Changed-By: Aurelien Jarno <aurel32@debian.org>
Description: 
 eglibc-source - Embedded GNU C Library: sources
 glibc-doc  - Embedded GNU C Library: Documentation
 libc-bin   - Embedded GNU C Library: Binaries
 libc-dev-bin - Embedded GNU C Library: Development binaries
 libc0.1    - Embedded GNU C Library: Shared libraries
 libc0.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.1-dev-i386 - GNU C Library: 32bit development libraries for AMD64
 libc0.1-i386 - GNU C Library: 32bit shared libraries for AMD64
 libc0.1-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc0.1-pic - Embedded GNU C Library: PIC archive library
 libc0.1-prof - Embedded GNU C Library: Profiling Libraries
 libc0.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc0.3    - Embedded GNU C Library: Shared libraries
 libc0.3-dbg - Embedded GNU C Library: detached debugging symbols
 libc0.3-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc0.3-pic - Embedded GNU C Library: PIC archive library
 libc0.3-prof - Embedded GNU C Library: Profiling Libraries
 libc0.3-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6      - Embedded GNU C Library: Shared libraries
 libc6-amd64 - GNU C Library: 64bit Shared libraries for AMD64
 libc6-dbg  - Embedded GNU C Library: detached debugging symbols
 libc6-dev  - Embedded GNU C Library: Development Libraries and Header Files
 libc6-dev-amd64 - GNU C Library: 64bit Development Libraries for AMD64
 libc6-dev-i386 - GNU C Library: 32-bit development libraries for AMD64
 libc6-dev-mips64 - GNU C Library: 64bit Development Libraries for MIPS64
 libc6-dev-mipsn32 - GNU C Library: n32 Development Libraries for MIPS64
 libc6-dev-powerpc - GNU C Library: 32bit powerpc development libraries for ppc64
 libc6-dev-ppc64 - GNU C Library: 64bit Development Libraries for PowerPC64
 libc6-dev-s390x - GNU C Library: 64bit Development Libraries for IBM zSeries
 libc6-dev-sparc64 - GNU C Library: 64bit Development Libraries for UltraSPARC
 libc6-i386 - GNU C Library: 32-bit shared libraries for AMD64
 libc6-i686 - GNU C Library: Shared libraries [i686 optimized]
 libc6-mips64 - GNU C Library: 64bit Shared libraries for MIPS64
 libc6-mipsn32 - GNU C Library: n32 Shared libraries for MIPS64
 libc6-pic  - Embedded GNU C Library: PIC archive library
 libc6-powerpc - GNU C Library: 32bit powerpc shared libraries for ppc64
 libc6-ppc64 - GNU C Library: 64bit Shared libraries for PowerPC64
 libc6-prof - Embedded GNU C Library: Profiling Libraries
 libc6-s390x - GNU C Library: 64bit Shared libraries for IBM zSeries
 libc6-sparc64 - GNU C Library: 64bit Shared libraries for UltraSPARC
 libc6-sparcv9b - GNU C Library: Shared libraries [v9b optimized]
 libc6-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libc6-xen  - GNU C Library: Shared libraries [Xen version]
 libc6.1    - Embedded GNU C Library: Shared libraries
 libc6.1-alphaev67 - GNU C Library: Shared libraries (EV67 optimized)
 libc6.1-dbg - Embedded GNU C Library: detached debugging symbols
 libc6.1-dev - Embedded GNU C Library: Development Libraries and Header Files
 libc6.1-pic - Embedded GNU C Library: PIC archive library
 libc6.1-prof - Embedded GNU C Library: Profiling Libraries
 libc6.1-udeb - Embedded GNU C Library: Shared libraries - udeb (udeb)
 libnss-dns-udeb - GNU C Library: NSS helper for DNS - udeb (udeb)
 libnss-files-udeb - GNU C Library: NSS helper for files - udeb (udeb)
 locales    - Embedded GNU C Library: National Language (locale) data [support]
 locales-all - Embedded GNU C Library: Precompiled locale data
 nscd       - Embedded GNU C Library: Name Service Cache Daemon
Closes: 568488
Changes: 
 eglibc (2.11-0exp4) experimental; urgency=low
 .
   [ Clint Adams ]
   * New upstream release:
     - Fixes a house of mind attack.  Closes: bug#568488.
     - Update debian/patches/all/local-pthread-manpages.diff
     - Remove debian/patches/alpha/submitted-getsysstats.diff (merged)
     - Remove debian/patches/alpha/submitted-includes.diff (merged)
     - Remove debian/patches/alpha/submitted-lowlevellock.diff (merged)
     - Remove debian/patches/alpha/submitted-procfs_h.diff (merged)
     - Remove debian/patches/any/cvs-broken-dns.diff (merged)
     - Remove debian/patches/any/cvs-getutmpx-compat.diff (merged)
     - Remove debian/patches/any/cvs-malloc_info-output.diff (merged)
     - Remove debian/patches/any/cvs-nptl-init.diff (merged)
     - Remove debian/patches/any/cvs-resolv-edns0.diff (merged)
     - Remove debian/patches/any/cvs-resolv-init.diff (merged)
     - Remove debian/patches/any/cvs-resolv-uninitialized.diff (merged)
     - Remove debian/patches/any/cvs-resolv-v6mapped.diff (merged)
     - Remove debian/patches/any/local-dynamic-resolvconf.diff (merged)
     - Update debian/patches/any/local-libgcc-compat-main.diff
     - Remove debian/patches/any/submitted-getent-gshadow.diff (merged)
     - Update debian/patches/any/submitted-missing-etc-hosts.diff.
     - Update debian/patches/hppa/cvs-nptl-compat.diff.
     - Remove debian/patches/hurd-i386/cvs-termios-IXANY.patch (merged)
     - Update debian/patches/hurd-i386/submitted-readlinkat.diff
     - Update debian/patches/localedata/first_weekday.diff
     - Remove debian/patches/locale/cvs-C-first_weekday.diff (merged)
     - Remove debian/patches/mips/local-lazy-eval.diff (obsolete)
     - Remove debian/patches/ia64/submitted-siginfo.diff (merged)
     - Remove debian/patches/ia64/cvs-memchr.diff (merged)
     - Remove debian/patches/s390/submitted-siginfo.diff (merged)
     - Remove debian/patches/any/cvs-malloc-check.diff (merged)
     - Remove debian/patches/hppa/submitted-sock_nonblock.diff (merged)
     - Remove debian/patches/hppa/submitted-pie.diff (merged)
     - Remove debian/patches/any/cvs-ksm.diff (merged)
     - Remove debian/patches/any/cvs-sched_h.diff (merged)
     - testsuite-checking/expected-results-ia64-linux-gnu-libc: update
     - Update debian/patches/localedata/tailor-iso14651_t1.diff
     - Add debian/patches/localedata/locale-hsb_DE.diff
     - Update testsuite-checking/expected-results-sparc-linux-gnu-libc
     - Update testsuite-checking/expected-results-sparcv9b-linux-gnu-sparcv9b
     - Remove debian/patches/any/cvs-nis-not-configured.diff (merged)
 .
   [ Aurelien Jarno ]
   * Enable multi-arch.
   * Add debian/patches/s390/cvs-longjmp.diff from upstream to
     fix ____longjmp_chk on s390 and s390x.
   * Add debian/patches/kfreebsd/local-syscalls_2.11.patch to add chflags,
     fchflags, lchflags syscalls on GNU/kFreeBSD.
 .
   [ Samuel Thibault ]
   * debian/patches/hurd-i386/submitted-rtld_lock_recursive.diff: New patch to
     fix elf/ build on hurd-i386.
   * debian/patches/hurd-i386/local-longjmp_chk.diff: New patch to fix
     debug/____longjmp_chk.S build on hurd-i386.
   * Update debian/patches/hurd-i386/local-pthread.diff.
   * Update debian/testsuite-checking/expected-results-i486-gnu-libc.
 .
   [ Petr Salinger ]
   * define __rtld_lock_initialize also in linuxthreads <bits/libc-lock.h>
     variant (enhance local-linuxthreads-weak.diff).
   * allow failure of tst-longjmp_chk.out on GNU/kFreeBSD
   * Add kfreebsd/local-dosavesse.diff, which does not work,
     so rather use also added kfreebsd/local-nosavesse.diff
Package-Type: udeb




--- End Message ---
