USN-4-1: Standard C library script vulnerabilities

28 October 2004

Standard C library script vulnerabilities

Releases

Ubuntu 4.10

Details

Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 4.10

libc6 -

In general, a standard system update will make all the necessary changes.

References

CVE-2004-0968
CVE-2004-0968

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›