Debian Security Advisory
DLA-557-1 dietlibc -- LTS security update
- Date Reported:
- 25 Jul 2016
- Affected Packages:
- dietlibc
- Vulnerable:
- Yes
- Security database references:
- No other external database security references currently available.
- More information:
-
It was discovered that there was an insecure default PATH in dietlibc, a libc optimized for small size.
Thorsten Glaser discovered that the default PATH in dietlibc (if the environment variable is unset) contained the current working directory.
For Debian 7
Wheezy
, this issue has been fixed in:- dietlibc version 0.33~cvs20120325-4+deb7u1
- minit version 0.10-5+deb7u1
We recommend that you upgrade your dietlibc and minit packages.