Your submission was sent successfully! Close

USN-1009-1: GNU C Library vulnerabilities

22 October 2010

Local root escalation via LD_AUDIT environment variable.

Releases

Packages

Details

Tavis Ormandy discovered multiple flaws in the GNU C Library's handling
of the LD_AUDIT environment variable when running a privileged binary. A
local attacker could exploit this to gain root privileges. (CVE-2010-3847,
CVE-2010-3856)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 9.10
Ubuntu 9.04
Ubuntu 8.04
Ubuntu 10.10
Ubuntu 10.04

In general, a standard system update will make all the necessary changes.