Oval Definition:oval:com.redhat.rhsa:def:20100793
Revision Date:2010-10-25Version:639
Title:RHSA-2010:0793: glibc security update (Important)
Description:The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

  • It was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects (DSOs) to provide callbacks for its auditing API during the execution of privileged programs. A local attacker could use this flaw to escalate their privileges via a carefully-chosen system DSO library containing unsafe constructors. (CVE-2010-3856)

    Red Hat would like to thank Ben Hawkes and Tavis Ormandy for reporting this issue.

    All users should upgrade to these updated packages, which contain a backported patch to correct this issue.
  • Family:unixClass:patch
    Status:Reference(s):CVE-2010-3856
    RHSA-2010:0793
    RHSA-2010:0793-01
    RHSA-2010:0793-01
    Platform(s):Red Hat Enterprise Linux 5
    Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • glibc is earlier than 0:2.5-49.el5_5.7
  • AND glibc is signed with Red Hat redhatrelease2 key
  • glibc-common is earlier than 0:2.5-49.el5_5.7
  • AND glibc-common is signed with Red Hat redhatrelease2 key
  • glibc-devel is earlier than 0:2.5-49.el5_5.7
  • AND glibc-devel is signed with Red Hat redhatrelease2 key
  • glibc-headers is earlier than 0:2.5-49.el5_5.7
  • AND glibc-headers is signed with Red Hat redhatrelease2 key
  • glibc-utils is earlier than 0:2.5-49.el5_5.7
  • AND glibc-utils is signed with Red Hat redhatrelease2 key
  • nscd is earlier than 0:2.5-49.el5_5.7
  • AND nscd is signed with Red Hat redhatrelease2 key
  • BACK