Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path

To: 600667@bugs.debian.org
Subject: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
From: Michael Gilbert <michael.s.gilbert@gmail.com>
Date: Sat, 5 Feb 2011 14:20:14 -0500
Message-id: <20110205142014.b0b6387e.michael.s.gilbert@gmail.com>
Reply-to: Michael Gilbert <michael.s.gilbert@gmail.com>, 600667@bugs.debian.org

Note that a new CVE id (CVE-2011-0536) has been assigned for a
vulnerability introduced by the patches for cve-2010-3847 [0].  It
sounds like this affects the recent DSAs. Please take a look at the
code and figure out what needs to be done to resolve these three
issues: CVE-2010-3847, CVE-2010-3856, CVE-2011-0536.

Thanks,
Mike

[0] http://www.openwall.com/lists/oss-security/2011/02/03/2

Reply to:

Follow-Ups:
- Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Bug#357051: [PATCH] fix sorting/search example
Next by Date: r4469 - glibc-package/branches
Previous by thread: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Next by thread: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Index(es):
- Date
- Thread