New multilib glibc packages fix local root hole

New glibc packages for Slackware arrived on the mirrors last night. They close a serious local root hole. From the ChangeLog:

Patched “dynamic linker expands $ORIGIN in setuid library search path”.
This security issue allows a local attacker to gain root if they can create
a hard link to a setuid root binary.  Thanks to Tavis Ormandy.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://seclists.org/fulldisclosure/2010/Oct/257
(* Security fix *)

I have already created new multilib versions of the updated glibc packages for Slackware64-current; get them here: http://slackware.com/~alien/multilib/current/ or mirrored here: http://taper.alienbase.nl/mirrors/people/alien/multilib/current/ and here: http://slackware.org.uk/people/alien/multilib/current/.

I have also created updates to my multilib glibc packages for Slackware64 13.0 and 13.1. Stay posted, I will write a note in the comments section of this article.

Eric

15 thoughts on “New multilib glibc packages fix local root hole”

  1. Pingback: New multilib glibc packages. - security fix from Alien.





  2. Chris,

    I will not update those compat32 packages. They are created from the original 32-bit Slackware packages, and using convertpkg-compat32 you can easily create any package you need out of the published patches for Slackware 13.1.

    Eric


  3. Hi Eric,
    since you seem to have good communication with the Slack community, maybe you could report to them that there is a bug in libboost 1.4.2 with gcc 4.5.1:
    https://svn.boost.org/trac/boost/ticket/3844

    Once I updated it to libboost 1.4.4, using the original SlackBuild script, it just worked perfectly.

    Thanks for the updated packages, again.
    D. Sampaio


  4. Those of you who use VirtualBox will find that it won’t start as a normal user – this is due to a compiled-in rpath of $ORIGIN, which the patched glibc prevents. I *think* the vbox folks have updated the current .run file if you’re using the binary builds, but I don’t know about the -ose version yet. If nothing else, you can take the approach that I used and fix the rpath using the chrpath utility: http://connie.slackware.com/~rworkman/chrpath/
    Note that you’re limited to seven characters for the new rpath, so “/opt/VirtualBox” isn’t an option – I chose to do this:
    for i in /opt/VirtualBox/*.so ; do
        chrpath -r "/VBOX" "$i" ;
    done
    mkdir /VBOX
    mount --bind /opt/VirtualBox /VBOX

    YMMV. 🙂
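
To find which files carry a compiled-in `$ORIGIN` rpath like the one described in the comment above, here is an added example that is not part of the original post or comments. It parses `readelf -d` output (binutils assumed installed); the function names and the sample dynamic section are constructed for illustration.

```shell
#!/bin/sh
# Added example: report RPATH/RUNPATH entries that rely on $ORIGIN,
# based on the output of `readelf -d` (binutils).

# origin_entries: reads `readelf -d` output on stdin and prints every
# RPATH/RUNPATH component containing $ORIGIN or ${ORIGIN}, one per line.
# Always returns 0, so "no match" is not treated as an error.
origin_entries() {
    sed -nE 's/.*\((RPATH|RUNPATH)\).*\[(.*)\][[:space:]]*$/\2/p' |
        tr ':' '\n' |
        grep -E '\$(ORIGIN|\{ORIGIN\})' || true
}

# scan_files FILE...: prints "file<TAB>entry" for each $ORIGIN-based entry.
# Files that readelf cannot parse (non-ELF, unreadable) are skipped silently.
scan_files() {
    for f in "$@"; do
        readelf -d "$f" 2>/dev/null | origin_entries |
            while IFS= read -r entry; do
                printf '%s\t%s\n' "$f" "$entry"
            done
    done
}

# Constructed sample of `readelf -d` output (not captured from a real binary).
sample_dynamic() {
    cat <<'EOF'
Dynamic section at offset 0x2d18 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [$ORIGIN:/usr/lib64]
 0x000000000000001d (RUNPATH)            Library runpath: [${ORIGIN}/../lib]
EOF
}

# Demo on the constructed sample. On a real system, for the directory named
# in the comment above, one would run:  scan_files /opt/VirtualBox/*.so
sample_dynamic | origin_entries
```

Running `scan_files` before and after applying `chrpath` shows whether any `$ORIGIN` entries remain.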


  5. Eric,

    Maybe I am missing something, but over here it appears that glibc* are blacklisted by convertpkg-compat32:-

    # convertpkg-compat32 -i glibc-2.11.1-i486-4_slack13.1.txz -d compat32/
    Package glibc is blacklisted by ‘glibc.*’, aborting.

    Probing in convertpkg-compat32:-

    # Blacklist of packages not to use this script on (these *have* to be compiled
    # on a 64bit box):
    BLACKLIST="
    glibc.*
    kernel.*
    gcc.*

    Chris






  6. @boris:
    And why do you think the glibc and gcc packages are on that blacklist? (Hint: what packages did you also upgrade that are not called “compat32”?)

    Eric


  7. Warning: there is yet another update to glibc. Slackware packages became available yesterday, my multilib versions are available as of now (see my more recent blog post).

    Eric

