On Mon, Oct 26, 2009 at 05:03:56PM -0400, Michael Gilbert wrote:
> package: eglibc
> version: 2.10.1-2
> severity: important
> tags: security
>
> it has been disclosed that it is possible to execute arbitrary code via
> ldd. this is a pretty obscure attack vector since it requires the user
> to run ldd on an untrusted executable. while unlikely (since users
> using ldd should be reasonably intelligent), it is very much possible,
> so a fix should be made. see [0] for more details.
>
> i don't think that this is severe enough to warrant a DSA. if you
> would like to fix the problem in the stable releases, please
> coordinate with the release team.
>

It is something known for years... Do you actually have a patch to fix
this?

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
[email protected]                 http://www.aurel32.net

