glibc vulnerability

Marnix Kaart marnix_lfs at mkaart.net
Wed Jun 11 00:52:13 PDT 2003


On Monday 02 June 2003 00:03, Dagmar d'Surreal wrote:
> ..and more to the point, here's an annotated diff that people should
> start applying to glibc.  It was assembled directly from the components
> listed in CERT Advisory CA-2003-10.  Since glibc-2.3.2 is not vulnerable
> to this, if you are currently building using the current CVS tree of
> LFS, you don't need to worry about it.  Everyone else using any version
> of glibc previous to 2.3.2 (2.3.1, 2.2.5, etc) should apply this patch
> to their glibc sources and rebuild to eliminate the vulnerability from
> their system.

I am planning to apply the patch and recompile glibc (2.3.1), but I'm not sure 
wether it is safe.  In other words: will recompiling glibc break my system? 
And how about dependencies, do I need to worry about other packages stopping 
to work after glibc has been patched? Finally, can I just use the lfs (4.1) 
instructions from chapter 6 for this?

Thanks!
Marnix Kaart

-- 
Marnix Kaart
Reg. Linux User #267495        http://counter.li.org
Reg.  LFS  User  #5496   http://linuxfromscratch.org

()  ascii ribbon campaign - against html mail 
/\                        - against proprietary formats

--

-- 
Unsubscribe: send email to listar at linuxfromscratch.org
and put 'unsubscribe lfs-security' in the subject header of the message



More information about the lfs-security mailing list