
Glibc Getgrouplist Function Buffer Overrun Vulnerability

Solution:
Red Hat has released an advisory (RHSA-2003:249-11) and fixes to address this issue. Fixes are available from the Red Hat Network.

Conectiva has released a security advisory (CLSA-2003:762) and fixes to address this issue. Information on how to obtain and apply fixes can be found in the attached advisory.

Red Hat has released a security advisory (RHSA-2003:325-01) containing fixes to address this and a separate issue. Users are advised to upgrade as soon as possible. Further information can be found in the attached advisory.

*** November 13, 2003 - An updated version of the above advisory has been released containing revised fixes for Red Hat 9. Users are advised to upgrade to the latest fixes.

Trustix has released a security advisory (TSLSA-2003-0039) to address this issue. Users are advised to upgrade as soon as possible.

Mandrake has released advisory MDKSA-2003:107 to address this issue. See referenced advisory for additional details.

It is recommended that all Gentoo Linux users update their systems as follows:

emerge sync
emerge '>=sys-libs/glibc-2.2.5'
emerge clean

Sun has released fixes for Sun Linux.

SGI has released an advisory (20031103-01-U) pertaining to their ProPack Linux distribution. The advisory has been released in response to a number of RHSA advisories, and includes a patch (Patch 10033) containing updated RPM packages relating to a number of different BIDs.

Patch 10033 can be obtained via the following link:
http://support.sgi.com/

For information regarding how to obtain individual RPM packages included in Patch 10033, please see the attached advisory.

TurboLinux has released an advisory, and made fixes for this issue available. Affected users are advised to execute one of the following commands:

# turbopkg

OR

# zabom update glibc glibc-devel glibc-profile mtrace nscd

Additional TurboLinux information is available in the referenced advisory.

Fixes:


GNU glibc 2.2.4

GNU glibc 2.2.5

GNU glibc 2.3.1

GNU glibc 2.3.2







 

Copyright 2008, SecurityFocus