Debian Security Advisory DSA 2058-1 (glibc, eglibc)

The remote host is missing an update to glibc, eglibc announced via advisory DSA 2058-1.

Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1391, CVE-2009-4880, CVE-2009-4881 Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon family of functions. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. CVE-2010-0296 Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. CVE-2010-0830 Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges. For the stable distribution (lenny), these problems have been fixed in version 2.7-18lenny4 of the glibc package. For the testing distribution (squeeze), these problems will be fixed soon. For the unstable distribution (sid), these problems has been fixed in version 2.1.11-1 of the eglibc package. We recommend that you upgrade your glibc or eglibc packages.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%202058-1