LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (http://www.linuxquestions.org/questions/slackware-14/)
-   -   New multilib glibc packages. - security fix from Alien. (http://www.linuxquestions.org/questions/slackware-14/new-multilib-glibc-packages-security-fix-from-alien-839560/)

Martinezio 10-21-2010 09:33 AM

New multilib glibc packages. - security fix from Alien.
 
I've just saw on Alien's Pasture:

http://alien.slackbook.org/blog/new-...cal-root-hole/

Packages are ready for Slackware-current. For slackware 13.0 and 13.1 packages will be available soon.

Thx Eric :hattip:

marnold 10-21-2010 10:39 AM

I saw that too. The updated glibc packages for the "normal" installations are available from your standard mirrors. I don't know why a message hasn't hit the security list just yet. I updated my 32bit box, but am waiting for the new multilib packages before upgrading my 64bit box.

Anyone know if you should reboot after upgrading glibc? I did on my 32bit box because I was too impatient to wait for an answer :)

farfrael 10-21-2010 12:03 PM

Thanks for the info.
Is there any specific steps or order to follow to update the packages?

Last time I messed around with these packages, I managed to corrupt the system (my fault surely but still the result is the same)

wadsworth 10-21-2010 12:11 PM

I'm going to drop out of X, and go to runlevel 1 ("init 1") before upgrading.
May or may not be necessary in this case, but should be safest. :)

...and then I rebooted for good measure. All seems well.

farfrael 10-21-2010 12:56 PM

went to init 1, used upgradepkg -- reinstall and rebooted and everything seems to still be working :)

Thanks Alien/Eric for the packages

zbreaker 10-21-2010 01:52 PM

Eric is really amazing in the amount of goodies he gets us slackers, both for fun and necessity:)

Alien Bob 10-21-2010 02:14 PM

Updated glibc packages for multilib Slackware64 releases 13.0 and 13.1 are now also available (http://slackware.com/~alien/multilib/ or http://taper.alienbase.nl/mirrors/pe...lien/multilib/).
You can again relaxen und watchen das blinkenlighten.

Eric

ponce 10-24-2010 01:01 AM

If I understood well the new Tavis Ormandy bulletin, looks like there's no peace :(

http://seclists.org/fulldisclosure/2010/Oct/344

let's hope next week won't be another one. :( (btw, tnx Tavis!)

ponce 10-25-2010 10:40 AM

just noticed now that Tavis point to this upstream patch that addresses the bug above in Twitter

http://sourceware.org/ml/libc-hacker.../msg00010.html


All times are GMT -5. The time now is 03:58 AM.