|
|
Family: Ubuntu Local Security Checks --> Category: infos
USN4-1 : Standard C library script vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Standard C library script vulnerabilities
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- glibc-doc
- libc6
- libc6-dbg
- libc6-dev
- libc6-i686
- libc6-pic
- libc6-prof
- locales
- nscd
Description :
Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the rights of the user
invoking the program.
Solution :
Upgrade to :
- glibc-doc-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- libc6-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- libc6-dbg-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- libc6-dev-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- libc6-i686-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- libc6-pic-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- libc6-prof-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- locales-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
- nscd-2.3.2.ds1-13ubuntu2.2 (Ubuntu 4.10)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
