[16686] in bugtraq
Re: [RHSA-2000:057-04] glibc vulnerabilities in ld.so,
daemon@ATHENA.MIT.EDU (Pavel Kankovsky)
Mon Sep 11 01:52:49 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <20000910173339.1B2.0@bobanek.nowhere.cz>
Date: Sun, 10 Sep 2000 17:51:44 +0200
Reply-To: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
From: Pavel Kankovsky <peak@ARGO.TROJA.MFF.CUNI.CZ>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.LNX.4.21.0009090145340.28586-100000@dent.suse.de>

On Sat, 9 Sep 2000, Roman Drahtmueller wrote:
> SuSE distributions after (including) Version 6.0 came with libc-5.4.4? for
> optional backward compatibility if binaries from older Linux distributions
> need the good old libc5. As of today, libc5 is not known to be affected by
> the recently discovered locale-related bugs.

There were locale-related issues in libc 5.4.x. As far as I remember, all
(unpatched) versions prior to 5.4.45 were affected. 5.4.45 and 5.4.46 (the
final libc5 release) include a paranoid patch that makes them ignore most
env. variables in set[ug]id programs (including LC_*, LANG, and NLSPATH).

--Pavel Kankovsky aka Peak [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."