Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 4923

Summary: Buffer overflow in glibc dns network resolver code - patch to sys-libs/glibc-2.2.5-r4
Product: Gentoo Linux Reporter: Michael Thompson <MichaelThompson>
Component: [OLD] LibraryAssignee: Martin Schlemmer (RETIRED) <azarah>
Status: RESOLVED FIXED    
Severity: blocker CC: psionix
Priority: Highest    
Version: 1.2   
Hardware: All   
OS: Linux   
URL: http://www.cert.org/advisories/CA-2002-19.html
Whiteboard:
Package list:
Runtime testing required: ---
Attachments: glibc-2.2.5-r4.ebuild.diff
glibc-2.2.5-dns-network-overflow.diff

Description Michael Thompson 2002-07-12 14:34:02 UTC 
CERT released an advisory pertaining to a buffer overflow that affects glibc.  Attached is a patch 
to sys-libs/glibc-2.2.5-r4.ebuild that will patch glibc with the patch provided in the 
advisory.

As a temporary workaround, one can change "networks: files dns" to "networks: 
files" in /etc/nsswitch.conf.

See http://www.cert.org/advisories/CA-2002-19.html
Comment 1 Michael Thompson 2002-07-12 14:34:58 UTC 
Created attachment 2208 [details, diff]
glibc-2.2.5-r4.ebuild.diff
Comment 2 Michael Thompson 2002-07-12 14:35:51 UTC 
Created attachment 2209 [details, diff]
glibc-2.2.5-dns-network-overflow.diff
Comment 3 Martin Schlemmer (RETIRED) gentoo-dev 2002-07-15 15:03:44 UTC 
Fixed in -r5.