First published: Wed Oct 20 2010
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)

Red Hat would like to thank Tavis Ormandy for reporting this issue.

All users should upgrade to these updated packages, which contain a backported patch to correct this issue.

Affected Software | Affected Version | How to fix |
---|---|---|
redhat/glibc | <2.5-49.el5_5.6 | 2.5-49.el5_5.6 |
redhat/glibc-common | <2.5-49.el5_5.6 | 2.5-49.el5_5.6 |
redhat/glibc-devel | <2.5-49.el5_5.6 | 2.5-49.el5_5.6 |
redhat/glibc-headers | <2.5-49.el5_5.6 | 2.5-49.el5_5.6 |
redhat/glibc-utils | <2.5-49.el5_5.6 | 2.5-49.el5_5.6 |
redhat/nscd | <2.5-49.el5_5.6 | 2.5-49.el5_5.6 |