On Thu, Jun 16, 2011 at 01:51:15PM +0200, Arne Wichmann wrote:
> Package: libc6
> Version: 2.13-4
> Severity: normal
> Tags: patch
>
> From the security tracker:
>
> The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and
> earlier does not report an error status for failed attempts to write to the
> /etc/mtab file, which makes it easier for local users to trigger corruption
> of this file, as demonstrated by writes from a process with a small
> RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.
>
> A longer discussion is in http://seclists.org/oss-sec/2011/q1/368
>
> A patch is in
> http://sourceware.org/git/?p=glibc.git;a=commitdiff;h=e1fb097f447a89aa69a926e45e673a52d86a6c57
> (which also means that will be gone with version 2.14)
>

This bug is fixed in the planned stable upload for Squeeze, as discussed
with the release team [1]. For unstable, it will be fixed in one of the
next uploads.

[1] http://lists.debian.org/debian-release/2011/06/msg00238.html

-- 
Aurelien Jarno                          GPG: 1024D/F1BCDB73
[email protected]                 http://www.aurel32.net

