Barely a week has passed, and we have yet another local root hole in glibc that needed patching. The Slackware ChangeLog said it like this:

a/glibc-solibs-2.12.1-x86_64-3.txz: Rebuilt.
Patched “The GNU C library dynamic linker will dlopen arbitrary DSOs
during setuid loads.” This security issue allows a local attacker to
gain root by specifying an unsafe DSO in the library search path to be
used with a setuid binary in LD_AUDIT mode.
Bug found by Tavis Ormandy (with thanks to Ben Hawkes and Julien Tinnes).
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://seclists.org/fulldisclosure/2010/Oct/344
(* Security fix *)

Of course, I was out of town for a few days when this happened, so it took a little longer to build updated multilib versions for glibc.

But… they are available now for your 64-bit Slackware 13.0, 13.1 and -current. Grab them here: http://slackware.com/~alien/multilib/. If you need guidance, read the README or better even, check out the Wiki page on Slackware multilib.

I hope this is the last hole for a while, it sucks having to rebuild all of this.

Mirrors: http://taper.alienbase.nl/mirrors/people/alien/multilib/ and http://slackware.org.uk/people/alien/multilib/.

Eric