Package: libc6
Version: 2.13-4
Severity: normal
Tags: patch

From the security tracker:

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

A longer discussion is in
http://seclists.org/oss-sec/2011/q1/368

A patch is in
http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
(which also means that will be gone with version 2.14)

cu
AW

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable'), (50, 'unstable'), (40, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.38 (PREEMPT)
Locale: LANG=C, LC_CTYPE=de_DE (charmap=ISO-8859-1)
Shell: /bin/sh linked to /bin/dash

Versions of packages libc6 depends on:
ii  libc-bin                 2.13-4      Embedded GNU C Library: Binaries
ii  libgcc1                  1:4.6.0-10  GCC support library

Versions of packages libc6 recommends:
pn  libc6-i686               <none>      (no description available)

Versions of packages libc6 suggests:
ii  debconf [debconf-2.0]    1.5.39      Debian configuration management sy
pn  glibc-doc                <none>      (no description available)
ii  locales                  2.13-4      Embedded GNU C Library: National L

-- debconf information excluded

