Debian Security Advisory

DLA-557-1 dietlibc -- LTS security update

Date Reported: 25 Jul 2016
Affected Packages: dietlibc
Vulnerable: Yes
Security database references: No other external database security references currently available.
More information:

It was discovered that there was an insecure default PATH in dietlibc, a libc optimized for small size.

Thorsten Glaser discovered that the default PATH in dietlibc (if the environment variable is unset) contained the current working directory.

For Debian 7 Wheezy, this issue has been fixed in:

  • dietlibc version 0.33~cvs20120325-4+deb7u1
  • minit version 0.10-5+deb7u1

We recommend that you upgrade your dietlibc and minit packages.
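
The following C sketch is an added example, not code from dietlibc or from the Debian fix. It audits a search path for entries that resolve against the current working directory and substitutes an absolute-only fallback when PATH is unset. The names `count_cwd_entries`, `search_path` and `FALLBACK_PATH`, the fallback value, and the sample strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed fallback for this example only; not dietlibc's actual default. */
#define FALLBACK_PATH "/usr/bin:/bin"

/* Count PATH entries that are searched relative to the current working
 * directory: empty entries (leading, trailing or doubled ':'), "." and
 * any other entry that does not start with '/'. */
int count_cwd_entries(const char *path)
{
    int bad = 0;
    const char *p = path;

    for (;;) {
        size_t len = strcspn(p, ":");   /* length of this entry */
        if (len == 0 || p[0] != '/')
            bad++;
        if (p[len] == '\0')
            break;
        p += len + 1;                   /* skip past the ':' */
    }
    return bad;
}

/* Pick the path to search: the caller's PATH if set, otherwise a fallback
 * that contains absolute directories only. */
const char *search_path(const char *env_path)
{
    return env_path ? env_path : FALLBACK_PATH;
}

int main(void)
{
    /* Constructed sample values, not taken from any real system. */
    const char *samples[] = { "/usr/bin:/bin", "/bin:/usr/bin:.",
                              ":/bin", "/bin::/usr/bin", "/bin:" };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s cwd-relative entries: %d\n",
               samples[i], count_cwd_entries(samples[i]));

    const char *effective = search_path(getenv("PATH"));
    printf("effective PATH has %d cwd-relative entries\n",
           count_cwd_entries(effective));
    return 0;
}
```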