Package: libc6
Version: 2.3.2.ds1-18
Severity: serious
Tags: security

CAN-2004-0968 describes a bug in the catchsegv program; it uses temporary files insecurely, which could be vulnerable to a symlink attack. The version shipped with Debian seems vulnerable, although since it puts the tmp files in the current directory, the program would probably have to be run in /tmp or another world-writable directory to be exploited.

Redhat has a patch for this, which also includes some changes to glibcbug, which I did not review.
http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=136318

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.4.27
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages libc6 depends on:
ii  libdb1-compat               2.1.3-7      The Berkeley database routines [gl

-- no debconf information

-- 
see shy jo
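The report concerns a shell script writing to a predictable file name in a directory other users may be able to write to. As an added example (not part of the original report, and not the catchsegv source or the Red Hat patch), the sketch below shows two ways a shell script can create its output file without following a pre-planted symlink. The function names and the `trace_output` prefix are constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed names; not catchsegv's code or any vendor patch.

# Hardened pattern 1: let mktemp choose an unpredictable name. It creates the
# file exclusively (O_EXCL) with mode 0600, so an existing symlink at that
# path is never followed. Prints the path of the new file.
private_tmp() {
    mktemp "${TMPDIR:-/tmp}/trace_output.XXXXXX"
}

# Hardened pattern 2: when the name has to stay predictable, noclobber (set -C)
# makes the shell refuse to write to a regular file that already exists at the
# path, directly or through a symlink. Runs in a subshell so -C does not leak.
# Returns 0 if the file was created, non-zero if the path was already taken.
create_exclusive() (
    set -C
    : > "$1"
) 2>/dev/null

# Self-check on constructed data: plant a symlink at a predictable name in a
# scratch directory and confirm neither pattern touches the symlink's target.
# Returns 0 when the target file is left intact.
demo() {
    scratch=$(mktemp -d) || return 1
    echo "important" > "$scratch/victim"
    ln -s "$scratch/victim" "$scratch/trace_output.1234"

    rc=0
    # The planted symlink must make exclusive creation fail.
    if create_exclusive "$scratch/trace_output.1234"; then rc=1; fi

    # mktemp output lands in a fresh file, never in the symlink target.
    out=$(TMPDIR=$scratch private_tmp) && echo "trace" > "$out"

    [ "$(cat "$scratch/victim")" = "important" ] || rc=1
    rm -rf "$scratch"
    return $rc
}
```
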