Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Debian 2.2: DSA-039-1 Moderate: Glibc Local File Overwrite

debian
Calendar Grey March 8, 2001
Debian Logo
------------------------------------------------------------------------ Debian Security Advisory DS
The version of GNU libc that was distributed with Debian GNU/Linux 2.2 suffered from 2 security problems.

Summary

Package : glibc
Problem type : local file overwrite
Debian-specific: no

The version of GNU libc that was distributed with Debian GNU/Linux 2.2
suffered from 2 security problems:

* It was possible to use LD_PRELOAD to load libraries that are listed in
/etc/ld.so.cache, even for suid programs. This could be used to create
(and overwrite) files which a user should not be allowed to.

* by using LD_PROFILE suid programs would write data to a file
to /var/tmp, which was not done safely. Again, this could be used
to create (and overwrite) files which a user should not have access
to.

Both problems have been fixed in version 2.1.3-17 and we recommend that
you upgrade your glibc packages immediately.

Please note that a side-effect of this upgrade is that ldd will no longer
work on suid programs, unless you logged in as root.


wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.


Debian GNU/Linux 2.2 alias potato
---------------------------------

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.