342653 – Last Vulnerabilities seems also to hit glibc-2.12.1-r1

Bug 342653 - Last Vulnerabilities seems also to hit glibc-2.12.1-r1

Summary: Last Vulnerabilities seems also to hit glibc-2.12.1-r1

Status:	RESOLVED DUPLICATE of bug 341755

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	AMD64 Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://blog.funtoo.org/2010/10/securi...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2010-10-25 18:05 UTC by Karl Ernst Brunk
Modified:	2010-10-25 18:11 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Karl Ernst Brunk 2010-10-25 18:05:42 UTC

CVE-2010-3847 and CVE-2010-3856 seem also to touch glibc-2.12.1-r1.

Reproducible: Always

Steps to Reproduce:
1.emerge =glibc-2.12.1-r1
2.umask 0 && LD_AUDIT="libpcprofile.so" PCPROFILE_OUTPUT="lolwhat" /bin/mount 
3.

Actual Results:  
output of mount command and the file is created

Expected Results:  
there should be no output

In spite i am on funtoo and have unsupported glibc installed, i just wanted to alarm that the mentioned test on Daniels Blog is also saying that 2.12.1-r1 is also touched.

Comment 1 Alex Legler (RETIRED) archtester

2010-10-25 18:11:41 UTC

We are aware that all versions are affected.

*** This bug has been marked as a duplicate of bug 341755 ***