Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
Debian Security Advisory DSA 2058-1 (glibc, eglibc)
Information
Severity
Severity
Family
Family
CVSSv2 Base
CVSSv2 Base
CVSSv2 Vector
CVSSv2 Vector
Solution Type
Solution Type
Created
Created
Modified
Modified
Summary
The remote host is missing an update to glibc, eglibc announced via advisory DSA 2058-1.
Insight
Insight
Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution (lenny), these problems have been fixed in version 2.7-18lenny4 of the glibc package. For the testing distribution (squeeze), these problems will be fixed soon. For the unstable distribution (sid), these problems has been fixed in version 2.1.11-1 of the eglibc package. We recommend that you upgrade your glibc or eglibc packages.
Solution
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202058-1