Eger linux makinalarla bir ag hizmeti veriyorsaniz (ve hala guncellemediyseniz)
ld.so'nuzu guncelleyin, kisisel amaclarla kullanilan linux makinalarinda
da guncelleme yapmanin bir zarari olmayacaktir :-), (yani cok elzem degil,
ama yine de guncelleyin..)
>
> ld.so Vulnerability
>
> A buffer overflow problem was reported on bugtraq affecting the
> ELF and a.out program loaders on Linux. This problem can possibly be
> exploited by malicious users to obtain root access.
>
> On Linux, programs linked against shared libraries execute some code
> contained in /lib/ld.so (for a.out binaries) or /lib/ld-linux.so (for
> ELF binaries), which loads the shared libraries and binds all symbols.
> If an error occurs during this stage, an error message is printed
> and the program terminates. The printf replacement used at this stage
> is not protected from buffer overruns.
>
> David Engel has released a fixed ld.so as
>
> ftp://ftp.ods.com/pub/linux/ld.so-1.9.3.tar.gz
> ftp://i44ftp.info.uni-karlsruhe.de/pub/linux/ld.so/ld.so-1.9.3.tar.gz
>
> This release should soon appear on sunsite.unc.edu in /pub/Linux/GCC.
> Note that ld.so-1.9 does not support the old a.out format anymore.
>
> The following Linux distribution maintainers and vendors have released
> fixed packages of ld.so:
>
> - ------------------------------------------------------------------
> VENDOR INFORMATION
> - ------------------------------------------------------------------
> Vendor: S.u.S.E
> Product: S.u.S.E Linux 5.0
> Status: Affected, fix available
> Location: ftp://ftp.suse.com/pub/suse_update/S.u.S.E.-5.0/a1
> Files: c7648fbfd29fc56905e1d569f617a811 ld.so-1.9.3.dif
> c7fba9a7f4040812307841f683ef4abc ld.so-1.9.3.tar.gz
> 19f71cfc08a69d8ecf1703e5307459a0 ldso.changes
> fd64cc73f699a2c28a809e1b7b61700e ldso.rpm
> b3f1350e916381bd7e97c7087fc49535 ldso.tgz
>
>
> Vendor: Caldera
> Product: Caldera OpenLinux Lite, Base and Standard 1.1
> Status: Affected, fix available
> Location: ftp://ftp.caldera.com/pub/openlinux/updates/1.1/004
> Files: 2fed2dd482fe44e020a4bd40fdd2059e ld.so-1.7.14-5.src.rpm
> 572974e8f777b6da7d67aed15db9c115 ld.so-1.7.14-5.i386.rpm
> Note: ELF support only.
>
> Vendor: RedHat
> Product: RedHat Linux 4.0, 4.1 and 4.2
> Status: Affected, fix available
> Location: ftp://ftp.redhat.com/updates/4.2
> Files: d8883e254021de3058b9c7d3174e9b28 i386/ld.so-1.7.14-5.i386.rpm
> 2ab8e35978d81a57a340c81584e78785 sparc/ld.so-sparc-1.8.3-3.sparc.rpm
> Note: Files pgp-signed, key available from install CD or
> PGP key servers.
>
> Vendor: Debian
> Product: Debian GNU/Linux
> Status: Affected, fix available
> Location: ftp://ftp.debian.org/debian/bo-updates
> Files: c044d31c1a7f434837ec648c97481b76 ld.so_1.8.10-2.1.dsc
> bd6a94d00b6aeb10363b92e4f77a1a30 ld.so_1.8.10-2.1.tar.gz
> edea24550bf5f5a3c92a4a6319fe60b0 ldso_1.8.10-2.1_i386.deb
>
> Vendor: Delix
> Product: DLD 5.2
> Status: Affected, fix available
> Location: ftp://ftp.delix.de/pub/Linux/DLD-5.2/updates
> Files: 156f551820e1f7305cf2c19d1cbddc68 *ld.so-1.9.2-3.i386.rpm
> bbeb99ac166d5c7cfde52346949da363 *ld.so-devel-1.9.2-3.i386.rpm
>
> Vendor: LST
> Product: LST Power Linux 2.2
> Status: Affected, fix available
> Location: Same as for Caldera above.
>
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2i
>
> iQCVAwUBM9RqfuFnVHXv40etAQGTawP/Srnw8tmTTkLuZrxsx49qEw3jP3hM8DdM
> qeiVd8DyztiphIpIgPpWYr79e6z4/6tViDA0Cpb+ZbJ2axe7k0Dg9Ypd8k6C1cC5
> L6qKo+pHbTBn7F31OEerrqniaYyVuVWdsD3tDWsItKsYqBJy5+jiRvMC3RzFqUNk
> mpdo1mnqJiw=
> =I/YT
> -----END PGP SIGNATURE-----
> --
> Olaf Kirch | --- o --- Nous sommes du soleil we love when we play
> okir@monad.swb.de | / | \ sol.dhoop.naytheet.ah kin.ir.samse.qurax
> okir@lst.de +-------------------- Why Not?! -----------------------
> finger okir@brewhq.swb.de for PGP key
>
>
KGF