Summary: | <sys-libs/glibc-2.16.0: pt_chown priv escalation (CVE-2013-2207) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | GLSAMaker/CVETool Bot <glsamaker> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | ||
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=15755 | ||
Whiteboard: | A1 [glsa cleanup] | ||
Package list: | Runtime testing required: | --- |
Description
GLSAMaker/CVETool Bot
2013-10-15 03:27:24 UTC
this is largely a non-issue for us. i disabled the suid in glibc starting in the 2.16.0 release. glibc-2.17 is stable now too Added to an existing GLSA request. But we need to do something about cleaning up the tree... glibc goes back to version 2.10.1-r1 clearly vulnerable. Any recommendations? Maintainer(s), please drop the vulnerable version(s). This issue was resolved and addressed in GLSA 201503-04 at http://security.gentoo.org/glsa/glsa-201503-04.xml by GLSA coordinator Kristian Fiskerstrand (K_F). |