Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

[SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation
From: Florian Weimer <fw () deneb enyo de>
Date: Tue, 11 Jan 2011 20:49:11 +0100

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -------------------------------------------------------------------------
Debian Security Advisory DSA-2122-2                   security () debian org
http://www.debian.org/security/                            Florian Weimer
January 11, 2011                       http://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glibc
Vulnerability  : missing input sanitization
Problem type   : local
Debian-specific: no
CVE ID         : CVE-2010-3847 CVE-2010-3856

Colin Watson discovered that the update for stable relased in
DSA-2122-1 did not complete address the underlying security issue in
all possible scenarios.

For the stable distribution (lenny), this problem has been fixed in
version 2.7-18lenny7.

For the testing distribution (squeeze) and the unstable distribution
(sid), this problem will be fixed soon.

We recommend that you upgrade your glibc packages.

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: http://www.debian.org/security/

Mailing list: debian-security-announce () lists debian org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJNLLcQAAoJEL97/wQC1SS+WSMH/A6KQXibz6fGS2TfjwjVkYnz
hvnosvc27MJkZCA1t25DuCweeLJXWdgLTu1SloIga5TiA/F09C6TK4ve9inEvlfq
nJ5Ccod6UdPoPAkgYFVMgwV654LBPVhLMy4yWwObI5r75i03XkluMaQYLFazzlu3
PlEdsxSGZ0A2aMiZS7EVW38Xg2HzfPlcseQQ8/v2wnvG34svlviZQiA01OJxEqHc
mhNOCWKyCEskl50qI29/O6BiN0ZrujMkmiIlE4FaUwomHJlxXFlzv93ud/vZkzGY
wyefjykfpWZFiLJ8oW9eA9w0K/0/V+PugB5C7ub2kvMR1FeVfwnO2hcZe4NJSBM=
=h05m
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • [SECURITY] [DSA 2122-2] New glibc packages fix privilege escalation Florian Weimer (Jan 11)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault