Bugtraq mailing list archives
Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext
From: Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ>
Date: Sun, 10 Sep 2000 17:51:44 +0200
On Sat, 9 Sep 2000, Roman Drahtmueller wrote:
SuSE distributions after (including) Version 6.0 came with libc-5.4.4? for optional backward compatibility if binaries from older Linux distributions need the good old libc5. As of today, libc5 is not known to be affected by the recently discovered locale-related bugs.
There were locale related issues in libc 5.4.x. As far as I remember, all (unpatched) versions prior to 5.4.45 were affected. 5.4.45 and 5.4.46 (the final libc5 release) include a paranoid patch that makes them ignore most env. variables in set[ug]id programs (including LC_*, LANG, and NLSPATH). --Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ] "Resistance is futile. Open your source code and prepare for assimilation."
Current thread:
- [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext bugzilla (Sep 07)
- Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext Jim Knoble (Sep 08)
- Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext Roman Drahtmueller (Sep 12)
- Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext Pavel Kankovsky (Sep 12)
- Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext Roman Drahtmueller (Sep 12)
- Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext Jim Knoble (Sep 08)