Re: UNIX locale format string vulnerability

[Tyler <tyler () RESCOMP BERKELEY EDU>]

> I immediately grabbed the new rpms from update.redhat.com, followed the
> instructions and got:
>
> glibc
> ##################################################
> package zic not found in file index
> package ca_ES not found in file index
[snip]

i'm not sure if this is directly relevant to your problem or not, but it
looks like the redhat RPMs that got released have some issues which i
wanted to share with anyone else having problems. on several of my RH5.2
boxen, installing the new glibc caused tcsh to segfault all the time.

there is a bugzilla entry on the tcsh problem
at: http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=17187

there is a link there to some new packages which worked for me
at: ftp://ultra.linux.cz/private/glibc/

the redhat 6.x packages appear to be fine.

there is a note in the bugzilla logs that these new 5.x packages are
supposed to be made public somtime "Monday morning." so hopefully they'll
come through tomorrow (what with Labor Day and all...).

tyler

--
"Any setuid root program that does an exec() somewhere is just a less
user friendly version of su. I have a wonderful proof of this claim,
but unfortunately the margin is too small to hold it :-)"
 --Olaf Kirch, on bugtraq