Re: Is there a fix for the glob() and glibc vulnerability ?

bug-glibc

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Is there a fix for the glob() and glibc vulnerability ?

From:	Andreas Jaeger
Subject:	Re: Is there a fix for the glob() and glibc vulnerability ?
Date:	Tue, 18 Dec 2001 15:48:37 +0100
User-agent:	Gnus/5.090004 (Oort Gnus v0.04) XEmacs/21.4 (Artificial Intelligence, i386-suse-linux)

"Stephane Rozes" <address@hidden> writes:

> I work for Cert-IST, a french CERT which is a member of FIRST
> (http://www.first.org).
>
> Recent posts on Bugtraq mailing-list publically disclosed a security bug in
> "glibc" (titled "[Global InterSec 2001121001] glibc globbing issues.") - see
> the attached e-mail.
>
> Yesterday, Red Hat released the security advisory "[RHSA-2001:160-09]
> Updated glibc packages are available" about that problem.
>
> We are not aware of any fix for that problem released by Glibc maintainer.
> Is there a new version of "glibc" that fixes that bug ?

glibc 2.2.5 will have this bug fixed, but it's not released yet and
there's no confirmed date yet.  I can send you the patch that will be
in glibc 2.2.5 if you like,

Andreas
-- 
 Andreas Jaeger
  SuSE Labs address@hidden
   private address@hidden
    http://www.suse.de/~aj

[Prev in Thread]

Current Thread

[Next in Thread]

Is there a fix for the glob() and glibc vulnerability ?, Stephane Rozes, 2001/12/18
- Re: Is there a fix for the glob() and glibc vulnerability ?, Andreas Jaeger <=

Prev by Date: [PR]잉크와 함께 돼지꿈을 드립니다
Next by Date: (광고)따뜻하고 새로운소식~~
Previous by thread: Is there a fix for the glob() and glibc vulnerability ?
Next by thread: [광 고] 무료전화번호 등록, 무제한 통화
Index(es):
- Date
- Thread