Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
reopen 600667
thanks
Maybe I'm reading things wrong, or maybe Mitre's information is
actually incorrect, but it looks like the fixes claimed for
CVE-2010-3847 in 2.11.2-8 actually address CVE-2010-3856 [0] instead.
It looks like CVE-2010-3847 [1] is still unfixed. The original fix in
-7 may have been correct to begin with?
Best wishes,
Mike
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3856
http://sourceware.org/ml/libc-hacker/2010-10/msg00010.html
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-3847
http://sourceware.org/ml/libc-hacker/2010-10/msg00007.html
Reply to: