Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 4923 - Buffer overflow in glibc dns network resolver code - patch to sys-libs/glibc-2.2.5-r4
Summary: Buffer overflow in glibc dns network resolver code - patch to sys-libs/glibc-...
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Library (show other bugs)
Hardware: All Linux
: Highest blocker (vote)
Assignee: Martin Schlemmer (RETIRED)
URL: http://www.cert.org/advisories/CA-200...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2002-07-12 14:34 UTC by Michael Thompson
Modified: 2002-07-15 15:03 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
glibc-2.2.5-r4.ebuild.diff (glibc-2.2.5-r5.ebuild.diff,446 bytes, patch)
2002-07-12 14:34 UTC, Michael Thompson
Details | Diff
glibc-2.2.5-dns-network-overflow.diff (glibc-2.2.5-dns-network-overflow.diff,365 bytes, patch)
2002-07-12 14:35 UTC, Michael Thompson
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Michael Thompson 2002-07-12 14:34:02 UTC
CERT released an advisory pertaining to a buffer overflow that affects glibc.  Attached is a patch 
to sys-libs/glibc-2.2.5-r4.ebuild that will patch glibc with the patch provided in the 
advisory.

As a temporary workaround, one can change "networks: files dns" to "networks: 
files" in /etc/nsswitch.conf.

See http://www.cert.org/advisories/CA-2002-19.html
Comment 1 Michael Thompson 2002-07-12 14:34:58 UTC
Created attachment 2208 [details, diff]
glibc-2.2.5-r4.ebuild.diff
Comment 2 Michael Thompson 2002-07-12 14:35:51 UTC
Created attachment 2209 [details, diff]
glibc-2.2.5-dns-network-overflow.diff
Comment 3 Martin Schlemmer (RETIRED) gentoo-dev 2002-07-15 15:03:44 UTC
Fixed in -r5.