USN-4-1: Standard C library script vulnerabilities
28 October 2004
Standard C library script vulnerabilities
Releases
Details
Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 4.10
-
libc6
-
In general, a standard system update will make all the necessary changes.