
Sun XDR Library xdrmem_getbytes() Integer Overflow Vulnerability

Solution:
Conectiva has released a security advisory (CLA-2003:633). The referenced advisory contains information pertaining to obtaining and applying fixes that address this issue. Users are advised to upgrade as soon as possible.

Sorcerer Linux has advised that users update using the following commands:

augur synch && augur update

MIT has released a security advisory (2003-03-18) which contains a patch for KRB5 1.2.7.

Red Hat has released a security advisory (RHSA-2003:089-00) which contains fixes addressing this issue.

CERT has released a security advisory (CA-2003-10) which contains various vendor status information. Further details are available in the attached advisory.

The glibc 2.3.1 CVS tree has been updated to contain the necessary fixes. Further information can be found in the attached CERT advisory.

It has been reported that IBM has released APARs IY38524, IY38434, and IY39231 for AIX 4.3.3, 5.1, and 5.2 respectively. Users are advised to contact IBM support for further assistance.

FreeBSD has released an advisory (FreeBSD-SA-03:05) containing patches for versions 4.6, 4.7, and 5.0. Users are advised to upgrade as soon as possible.

EnGarde has released a security advisory (ESA-20030321-010) containing a fix for this issue.

Debian has released a security advisory [DSA 266-1] containing fixes for this issue.

Debian has also released an advisory and fixes for dietlibc. See the References section for details.

Gentoo has released glibc-2.3.1-r4 (arm: glibc-2.2.5-r8) which addresses this issue. Users are advised to upgrade by performing the following commands:

emerge sync
emerge glibc
emerge clean

Gentoo has also released dietlibc-0.22-r1 which addresses this issue. Users are advised to upgrade by performing the following commands:

emerge sync
emerge dietlibc
emerge clean

MandrakeSoft has released an advisory (MDKSA-2003:037), which contains fixes for glibc. Further information about obtaining and applying fixes is available in the referenced advisory.

NetBSD has released a security advisory (2003-008) which contains information about obtaining fixes via CVS. Further information is available from the attached advisory.

Trustix has released a security advisory (TSLSA-2003-0014) which contains fixes addressing this issue. Users are advised to upgrade as soon as possible.

SGI has released a security advisory (20030402-01-P) which contains fixes addressing this issue.

Debian has released a new advisory (DSA 282-1) for glibc. Affected users are advised to obtain and install new packages. Further information is available in the referenced advisory. Users of the apt-get system can issue the following commands to install new packages:

apt-get update
apt-get upgrade

Conectiva has released a security advisory (CLA-2003:639) containing fixes which address this issue. Users are advised to upgrade as soon as possible.

Red Hat has released a new security advisory (RHSA-2003-090) containing fixes to address this issue. Fixes are available via the Red Hat Network. Further information can be obtained via the attached advisory or by contacting the vendor.

SuSE has released advisory SuSE-SA:2003:027 to address this issue.

Revised HP advisory HPSBUX0303-252 SSRT2439 Rev.11 has been released to address this issue.

Fixes available:


Sun Solaris 8

Sun Solaris 7.0

diet libc diet libc 0.12

MIT Kerberos 5 1.1.1

MIT Kerberos 5 1.2.5

HP HP-UX 10.20

GNU glibc 2.2

FreeBSD FreeBSD 4.6

FreeBSD FreeBSD 5.0

SGI IRIX 6.5.15 m

SGI IRIX 6.5.16 f

SGI IRIX 6.5.16 m

SGI IRIX 6.5.17 m

SGI IRIX 6.5.19 f







 

Copyright 2008, SecurityFocus