Bug#279680: libc6: CAN-2004-0968 not fixed in woody

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#279680: libc6: CAN-2004-0968 not fixed in woody
From: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>
Date: Thu, 04 Nov 2004 17:10:25 +0100
Message-id: <[🔎] 20041104161025.025A65F42@pleione.itp.uni-hannover.de>
Reply-to: Helge Kreutzmann <kreutzm@itp.uni-hannover.de>, 279680@bugs.debian.org

Package: libc6
Version: 2.2.5-11.5
Severity: grave
Tags: woody, security
Justification: user security hole

I notice the Ubuntu Security USN-4-1 and did not find CAN-2004-0968 in
the "Non-Vulnerable" list. I looked at catchsegv as an example and
code like

segv_output=`basename "$prog"`.segv.$$

does not look secure to me. 

http://lwn.net/Alerts/108824/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-00968
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318




-- System Information
Debian Release: 3.0
Architecture: i386
Kernel: Linux pleione 2.4.26-grsec #1 Tue Aug 10 15:42:40 CEST 2004 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Reply to:

Follow-Ups:
- Bug#279680: libc6: CAN-2004-0968 not fixed in woody
  - From: GOTO Masanori <gotom@debian.or.jp>

Prev by Date: Bug#279423: libc6-dev: totally incoherent pthread related includes files for dynamic linking
Next by Date: Bug#279685: gencat: manual page fixup
Previous by thread: Processed: not release-critical
Next by thread: Bug#279680: libc6: CAN-2004-0968 not fixed in woody
Index(es):
- Date
- Thread