GNU C Library: Multiple vulnerabilities

Users of GNU C Library please be advised of multiple vulnerabilities that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

USN-1009-1: [USN-1009-1] GNU C Library vulnerabilities
Details follow:

Tavis Ormandy discovered multiple flaws in the GNU C Library’s handling

of the LD_AUDIT environment variable when running a privileged binary. A

local attacker could exploit this to gain root privileges. (CVE-2010-3847,

CVE-2010-3856)Read more at http://www.criticalwatch.com

 

Advertisements