Pardus alert 2011-83 (glibc)
| From: | Meltem Parmaksız <meltem@pardus.org.tr> | |
| To: | pardus-security@pardus.org.tr | |
| Subject: | [Pardus-security] [PLSA 2011-83] glibc: Multible Vulnerabilities | |
| Date: | Tue, 21 Jun 2011 16:08:00 +0300 | |
| Message-ID: | <201106211608.00301.meltem@pardus.org.tr> |
------------------------------------------------------------------------ Pardus Linux Security Advisory 2011-83 security@pardus.org.tr ------------------------------------------------------------------------ Date: 2011-06-03 Severity: 2 Type: Local ------------------------------------------------------------------------ Summary ======= Multible vulnerabilities have been fixed in glibc. Description =========== CVE-2011-1071: GNU glibc is prone to a stack-corruption vulnerability.An attacker can exploit this issue to execute arbitrary machine code in the context of the application that uses the affected library. Failed exploit attempts will likely crash the application. CVE-2011-1095: locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6) before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function. Affected packages: Pardus 2009: glibc, all before 2.9-54-15 Resolution ========== There are update(s) for glibc. You can update them via Package Manager or with a single command from console: pisi up glibc References ========== * http://bugs.pardus.org.tr/show_bug.cgi?id=17680 * http://bugs.pardus.org.tr/show_bug.cgi?id=17815 ------------------------------------------------------------------------ _______________________________________________ Pardus-Security mailing list Pardus-Security@pardus.org.tr http://liste.pardus.org.tr/mailman/listinfo/pardus-security