This bug was fixed in the package vdr - 1.6.0-18ubuntu1.1
---------------
vdr (1.6.0-18ubuntu1.1) maverick-security; urgency=low
* SECURITY UPDATE: vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a
zero-length directory name in the LD_LIBRARY_PATH, which allows local users
to gain privileges via a Trojan horse shared library in the current working
directory. (LP: #930700)
-
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/24#debian/vdrleaktest
and
http://bazaar.launchpad.net/~ubuntu-branches/ubuntu/natty/vdr/natty/revision/25#debian/vdrleaktest
- debian/vdrtestleak: changed to set LD_LIBRARY_PATH securely
- CVE-2010-3387
-- Zubin Mithra <[email protected]> Tue, 14 Feb 2012 10:38:34 -0800
** Changed in: vdr (Ubuntu)
Status: Incomplete => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/930700
Title:
vdrleaktest in Video Disk Recorder (VDR) 1.6.0 places a zero-length
directory name in the LD_LIBRARY_PATH
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/vdr/+bug/930700/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
