| Description: | Summary:
The remote host is missing an update for the Debian 'glibc' package(s) announced via the DSA-2058-1 advisory.
Vulnerability Insight:
Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems:
CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service.
CVE-2010-0296
Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges.
CVE-2010-0830
Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.
For the stable distribution (lenny), these problems have been fixed in version 2.7-18lenny4 of the glibc package.
For the testing distribution (squeeze), these problems will be fixed soon.
For the unstable distribution (sid), these problems has been fixed in version 2.1.11-1 of the eglibc package.
We recommend that you upgrade your glibc or eglibc packages.
Affected Software/OS:
'glibc' package(s) on Debian 5.
Solution:
Please install the updated package(s).
CVSS Score:
7.5
CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
