Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path

To: Michael Gilbert <michael.s.gilbert@gmail.com>, 600667@bugs.debian.org
Subject: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
From: Aurelien Jarno <aurelien@aurel32.net>
Date: Mon, 7 Feb 2011 01:19:39 +0100
Message-id: <20110207001939.GD17924@volta.aurel32.net>
Reply-to: Aurelien Jarno <aurelien@aurel32.net>, 600667@bugs.debian.org
In-reply-to: <20110205142014.b0b6387e.michael.s.gilbert@gmail.com>
References: <20110205142014.b0b6387e.michael.s.gilbert@gmail.com>

On Sat, Feb 05, 2011 at 02:20:14PM -0500, Michael Gilbert wrote:
> Note that a new CVE id (CVE-2011-0536) has been assigned for a
> vulnerability introduced by the patches for cve-2010-3847 [0].  It
> sounds like this affects the recent DSAs. Please take a look at the
> code and figure out what needs to be done to resolve these three
> issues: CVE-2010-3847, CVE-2010-3856, CVE-2011-0536.
> 

I think CVE-2011-0536 corresponds to the Debian and Ubuntu bug, which
didn't apply the correct patchset on the first security fix.

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
aurelien@aurel32.net                 http://www.aurel32.net

Reply to:

References:
- Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
  - From: Michael Gilbert <michael.s.gilbert@gmail.com>

Prev by Date: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Next by Date: Bug#527589: Outdated header file /usr/include/bits/sched.h for GNU/Hurd!?
Previous by thread: Bug#600667: Fw: re: eglibc: cve-2010-3847 dynamic linker expands $ORIGIN in setuid library search path
Next by thread: Bug#611926: eglibc compiles extremely huge binary-indep parts on buildds
Index(es):
- Date
- Thread