Ubuntu Security Notice USN-4-1 October 27, 2004
Standard C library script vulnerabilities CAN-2004-0968
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
The problem can be corrected by upgrading the affected package to
version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade
is sufficient to effect the necessary changes.
Recently, Trustix Secure Linux discovered some vulnerabilities in the
libc6 package. The utilities "catchsegv" and "glibcbug" created
temporary files in an insecure way, which allowed a symlink attack to
create or overwrite arbitrary files with the privileges of the user
invoking the program.