March 8, 2001

Security advisory for glibc

Author: JT Smith

From the Debian Security Advisory list March 8, 2001:

Package : glibc
Problem type : local file overwrite
Debian-specific: no

The version of GNU libc that was distributed with Debian GNU/Linux 2.2
suffered from 2 security problems:

* It was possible to use LD_PRELOAD to load libraries that are listed
in /etc/ld.so.cache, even for suid programs. This could be used to
create (and overwrite) files which a user should not be allowed to.

* by using LD_PROFILE suid programs would write data to a file
to /var/tmp, which was not done safely. Again, this could be used
to create (and overwrite) files which a user should not have access
to.

Both problems have been fixed in version 2.1.3-17 and we recommend that
you upgrade your glibc packages immediately.

Please note that a side-effect of this upgrade is that ldd will no
longer work on suid programs, unless you logged in as root.

  wget url
        will fetch the file for you
  dpkg -i file.deb
        will install the referenced file.

Debian GNU/Linux 2.2 alias potato
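
Added example, not part of the advisory or of glibc: how a privileged process can create an output file in a shared directory such as /var/tmp without overwriting an existing file. The advisory does not say how the LD_PROFILE write was unsafe; this assumes the common failure mode for this bug class, a symlink already present at the output path. The function names, the temporary directory and the file name prog.profile are constructed for the illustration.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe: follows a symlink already present at path and truncates its target. */
int open_unsafe(const char *path) {
    return open(path, O_WRONLY | O_CREAT | O_TRUNC, 0600);
}

/* Hardened: O_EXCL fails if anything (a symlink included) already exists at
 * path; O_NOFOLLOW and the fstat() check are defence in depth. */
int open_safe(const char *path) {
    struct stat st;
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed scenario: a 6-byte "victim" file plus a symlink to it named
 * like the expected output file. Returns the victim's size after opener()
 * was called on the symlink, or -1 if the setup failed. */
long victim_size_after(int (*opener)(const char *)) {
    char dir[] = "/tmp/advisory-demo-XXXXXX", victim[64], out[64];
    struct stat st; FILE *f;
    if (!mkdtemp(dir)) return -1;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(out, sizeof out, "%s/prog.profile", dir);
    if (!(f = fopen(victim, "w"))) return -1;
    fputs("secret", f);
    fclose(f);
    if (symlink(victim, out) != 0) return -1;
    int fd = opener(out);
    if (fd >= 0) close(fd);
    long size = stat(victim, &st) == 0 ? (long)st.st_size : -1;
    unlink(out); unlink(victim); rmdir(dir);
    return size;
}
int main(void) {
    printf("unsafe open: victim now %ld bytes\n", victim_size_after(open_unsafe));
    printf("safe open:   victim now %ld bytes\n", victim_size_after(open_safe));
    return 0;
}
```

With the unsafe open the victim file is truncated to 0 bytes; with the hardened open the call fails and the file keeps its 6 bytes.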
