Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path

To: Aurelien Jarno <aurelien@aurel32.net>
Cc: 600667@bugs.debian.org, Michael Gilbert <michael.s.gilbert@gmail.com>
Subject: Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 22 Oct 2010 09:38:33 +0200
Message-id: <[🔎] 87vd4usmme.fsf@mid.deneb.enyo.de>
Reply-to: Florian Weimer <fw@deneb.enyo.de>, 600667@bugs.debian.org
In-reply-to: <[🔎] 20101021173604.GI17471@hall.aurel32.net> (Aurelien Jarno's message of "Thu, 21 Oct 2010 19:36:04 +0200")
References: <[🔎] 20101018185845.cb4f8bfa.michael.s.gilbert@gmail.com> <[🔎] 20101021173604.GI17471@hall.aurel32.net>

* Aurelien Jarno:

> I have just committed the fix, I am planning to do an upload soon to
> unstable. Do you think we should also fix it in stable? via a security
> release?

FYI, I have uploaded eglibc 2.11.2-6+squeeze1 to testing-security.

Reply to:

References:
- Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>
- Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Next by Date: Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Previous by thread: Bug#600667: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Next by thread: Bug#600667: marked as done (eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path)
Index(es):
- Date
- Thread