[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2122-2                   security@xxxxxxxxxx
http://www.debian.org/security/                            Florian Weimer
January 11, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glibc
Vulnerability  : missing input sanitization
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-3847 CVE-2010-3856

Colin Watson discovered that the update for stable relased in
DSA-2122-1 did not complete address the underlying security issue in
all possible scenarios.

For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny7.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your glibc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJNLLcQAAoJEL97/wQC1SS+WSMH/A6KQXibz6fGS2TfjwjVkYnz
hvnosvc27MJkZCA1t25DuCweeLJXWdgLTu1SloIga5TiA/F09C6TK4ve9inEvlfq
nJ5Ccod6UdPoPAkgYFVMgwV654LBPVhLMy4yWwObI5r75i03XkluMaQYLFazzlu3
PlEdsxSGZ0A2aMiZS7EVW38Xg2HzfPlcseQQ8/v2wnvG34svlviZQiA01OJxEqHc
mhNOCWKyCEskl50qI29/O6BiN0ZrujMkmiIlE4FaUwomHJlxXFlzv93ud/vZkzGY
wyefjykfpWZFiLJ8oW9eA9w0K/0/V+PugB5C7ub2kvMR1FeVfwnO2hcZe4NJSBM=
=h05m
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/