glibc, nscd security update

2010-10-26T06:41:49
ID CESA-2010:0793
Type centos
Reporter CentOS Project
Modified 2010-10-26T06:41:50

Description

CentOS Errata and Security Advisory CESA-2010:0793

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

It was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects (DSOs) to provide callbacks for its auditing API during the execution of privileged programs. A local attacker could use this flaw to escalate their privileges via a carefully-chosen system DSO library containing unsafe constructors. (CVE-2010-3856)

Red Hat would like to thank Ben Hawkes and Tavis Ormandy for reporting this issue.

All users should upgrade to these updated packages, which contain a backported patch to correct this issue.

Merged security bulletin from advisories: http://lists.centos.org/pipermail/centos-announce/2010-October/029161.html http://lists.centos.org/pipermail/centos-announce/2010-October/029162.html

Affected packages: glibc glibc-common glibc-devel glibc-headers glibc-utils nscd

Upstream details at: https://rhn.redhat.com/errata/RHSA-2010-0793.html