Joined: 12 May 2004
|Posted: Tue Dec 03, 2013 4:26 am Post subject: [ GLSA 201312-01 ] GNU C Library: Multiple vulnerabilities
|Gentoo Linux Security Advisory
Title: GNU C Library: Multiple vulnerabilities (GLSA 201312-01)
Exploitable: local, remote
Date: December 03, 2013
Bug(s): #350744, #356567, #386323, #386327, #386329, #386333, #386343, #386349, #393477, #404993
Multiple vulnerabilities have been found in GNU C Library, the
worst of which allowing arbitrary code execution and privilege escalation.
The GNU C library is the standard C library used by Gentoo Linux
Vulnerable: < 2.15-r3
Unaffected: >= 2.15-r3
Architectures: All supported architectures
Multiple vulnerabilities have been discovered in GNU C Library. Please
review the CVE identifiers referenced below for details.
A local attacker could trigger vulnerabilities in dynamic library
loader, making it possible to load attacker-controlled shared objects
during execution of setuid/setgid programs to escalate privileges.
A context-dependent attacker could trigger various vulnerabilities in
GNU C Library, including a buffer overflow, leading to execution of
arbitrary code or a Denial of Service.
There is no known workaround at this time.
All GNU C Library users should upgrade to the latest version:
|# emerge --sync
# emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.15-r3"
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum