DSA-2122-1 glibc -- missing input sanitizationID: oval:org.secpod.oval:def:600023 | Date: (C)2011-01-28 (M)2023-07-26 |
Class: PATCH | Family: unix |
Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable. For the stable distribution , this problem has been fixed in version 2.7-18lenny6. For the upcoming stable distribution , this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package. For the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your glibc packages.