CVE-2014-0475
Published: 29 July 2014
Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable.
Notes
Author | Note |
---|---|
jdstrand | The fix for this introduced a localplt regression |
Priority
Status
Package | Release | Status |
---|---|---|
eglibc (Launchpad, Ubuntu, Debian) | lucid | Released (2.11.1-0ubuntu7.14) |
eglibc | precise | Released (2.15-0ubuntu10.6) |
eglibc | saucy | Ignored (end of life) |
eglibc | trusty | Released (2.19-0ubuntu6.1) |
eglibc | upstream | Released (2.19-7) |
glibc (Launchpad, Ubuntu, Debian) | lucid | Does not exist |
glibc | precise | Does not exist |
glibc | saucy | Does not exist |
glibc | trusty | Does not exist |
glibc | upstream | Released (2.19-6) |

Patches:
upstream: https://sourceware.org/git/?p=glibc.git;h=4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
upstream: https://sourceware.org/git/?p=glibc.git;h=585367266923156ac6fb789939a923641ba5aaf4 (doc)
upstream: https://sourceware.org/git/?p=glibc.git;h=d183645616b0533b3acee28f1a95570bffbdf50f
upstream: https://sourceware.org/git/?p=glibc.git;h=ca38dc17d85b09776a709c8ea7155c414df14073 (regression fix)