Users of glibc please be advised of a code execution vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)
Amplify’d from www.criticalwatch.com
SUSE-SA:2010:052: [SUSE-SA:2010:052] glibc code execution
Problem Description and Brief Discussion
The Linux C library glibc was updated to fix critical security issues and several bugs:
CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_
environment variables allowed local attackers to execute code in
context of e.g. setuid root programs, elevating privileges.
This specific issue did not affect SUSE as an assertion triggers
before the respective code is executed. The bug was fixed by this
update nevertheless.
Read more at www.criticalwatch.com
See this Amp at http://amplify.com/u/e9ty
No comments:
Post a Comment