Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 386329

Summary: <sys-libs/glibc-2.13: Privilege escalation (CVE-2011-1095)
Product: Gentoo Security Reporter: GLSAMaker/CVETool Bot <glsamaker>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: major    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: A2 [glsa]
Package list:
Runtime testing required: ---

Description GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 14:33:11 UTC 
CVE-2011-1095 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1095):
  locale/programs/locale.c in locale in the GNU C Library (aka glibc or libc6)
  before 2.13 does not quote its output, which might allow local users to gain
  privileges via a crafted localization environment variable, in conjunction
  with a program that executes a script that uses the eval function.


Can we stabilize 2.13? Please also take a look at bug 386327 before deciding.
Comment 1 SpanKY gentoo-dev 2012-04-13 23:53:59 UTC 
glibc-2.13 is stable now
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-04-14 02:08:29 UTC 
Thanks. Already on GLSA request.
Comment 3 Mark Loeser (RETIRED) gentoo-dev 2013-02-22 23:24:58 UTC 
toolchain done
Comment 4 GLSAMaker/CVETool Bot gentoo-dev 2013-12-03 04:14:31 UTC 
This issue was resolved and addressed in
 GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml
by GLSA coordinator Chris Reffett (creffett).