Bugtraq mailing list archives

Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so, locale and gettext


From: Pavel Kankovsky <peak () ARGO TROJA MFF CUNI CZ>
Date: Sun, 10 Sep 2000 17:51:44 +0200

On Sat, 9 Sep 2000, Roman Drahtmueller wrote:

> SuSE distributions after (including) Version 6.0 came with libc-5.4.4? for
> optional backward compatibility if binaries from older Linux distributions
> need the good old libc5. As of today, libc5 is not known to be affected by
> the recently discovered locale-related bugs.

There were locale related issues in libc 5.4.x. As far as I remember, all
(unpatched) versions prior to 5.4.45 were affected. 5.4.45 and 5.4.46 (the
final libc5 release) include a paranoid patch that makes them ignore most
env. variables in set[ug]id programs (including LC_*, LANG, and NLSPATH).

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

