glibc vulnerability

Marnix Kaart marnix_lfs at
Wed Jun 11 00:52:13 PDT 2003

On Monday 02 June 2003 00:03, Dagmar d'Surreal wrote:
> ..and more to the point, here's an annotated diff that people should
> start applying to glibc.  It was assembled directly from the components
> listed in CERT Advisory CA-2003-10.  Since glibc-2.3.2 is not vulnerable
> to this, if you are currently building using the current CVS tree of
> LFS, you don't need to worry about it.  Everyone else using any version
> of glibc previous to 2.3.2 (2.3.1, 2.2.5, etc) should apply this patch
> to their glibc sources and rebuild to eliminate the vulnerability from
> their system.

I am planning to apply the patch and recompile glibc (2.3.1), but I'm not sure 
wether it is safe.  In other words: will recompiling glibc break my system? 
And how about dependencies, do I need to worry about other packages stopping 
to work after glibc has been patched? Finally, can I just use the lfs (4.1) 
instructions from chapter 6 for this?

Marnix Kaart

Marnix Kaart
Reg. Linux User #267495
Reg.  LFS  User  #5496

()  ascii ribbon campaign - against html mail 
/\                        - against proprietary formats


Unsubscribe: send email to listar at
and put 'unsubscribe lfs-security' in the subject header of the message

More information about the lfs-security mailing list