Debian DSA-2122-1 : glibc - missing input sanitization
High Nessus Plugin ID 50309
Synopsis: The remote Debian host is missing a security-related update.
Description: Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable.
Solution: Upgrade the glibc packages.
For the stable distribution (lenny), this problem has been fixed in version 2.7-18lenny6.
For the upcoming stable distribution (squeeze), this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package.