Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

PostgreSQL 9.3 beta: Federated databases and more

LWN.net Weekly Edition for May 9, 2013

(Nearly) full tickless operation in 3.10

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

libgssglue: privilege escalation

Package(s):

libgssglue

CVE #(s):

CVE-2011-2709

Created:

June 27, 2011

Updated:

April 8, 2013

Description:

From the SUSE advisory:

This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers to gain root privileges.

Alerts:

SUSE	SUSE-SU-2011:0696-1	2011-06-27
Fedora	FEDORA-2012-8067	2012-06-10
Fedora	FEDORA-2012-7971	2012-06-15
Mageia	MGASA-2012-0159	2012-07-10
Gentoo	201209-22	2012-09-27
Ubuntu	USN-1612-1	2012-10-15
Mandriva	MDVSA-2013:043	2013-04-05

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds