Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path

To: submit@bugs.debian.org
Subject: Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Mon, 18 Oct 2010 18:58:45 -0400
Message-id: <[🔎] 20101018185845.cb4f8bfa.michael.s.gilbert@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 600667@bugs.debian.org

package: eglibc
version: 2.11.2-6
severity: grave
tag: patch

an issue has been disclosed in eglibc.  see:
http://seclists.org/fulldisclosure/2010/Oct/257

patch available:
http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html

best wishes,
mike

Reply to:

Follow-Ups:
- Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#600667: marked as done (eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path)
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

Prev by Date: Processed: Re: eglibc: libfakeroot not found during build time
Next by Date: Processed: #600667: critical security hole
Previous by thread: Processed: Re: eglibc: libfakeroot not found during build time
Next by thread: Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Index(es):
- Date
- Thread