Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 342653

Summary: Last Vulnerabilities seems also to hit glibc-2.12.1-r1
Product: Gentoo Security Reporter: Karl Ernst Brunk <ke.b>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED DUPLICATE    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: AMD64   
OS: Linux   
URL: http://blog.funtoo.org/2010/10/security-update-glibc-2101-r2.html
Whiteboard:
Package list:
Runtime testing required: ---

Description Karl Ernst Brunk 2010-10-25 18:05:42 UTC 
CVE-2010-3847 and CVE-2010-3856 seem also to touch glibc-2.12.1-r1.

Reproducible: Always

Steps to Reproduce:
1.emerge =glibc-2.12.1-r1
2.umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount 
3.

Actual Results:  
output of mount command and the file is created

Expected Results:  
there should be no output

In spite i am on funtoo and have unsupported glibc installed, i just wanted to alarm that the mentioned test on Daniels Blog is also saying that 2.12.1-r1 is also touched.
Comment 1 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-10-25 18:11:41 UTC 
We are aware that all versions are affected.

*** This bug has been marked as a duplicate of bug 341755 ***