openSUSE Security Update : glibc (openSUSE-SU-2010:0912-1)
High Nessus Plugin ID 75518
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update of glibc fixes two bugs and security issues :
CVE-2010-3847: Decoding of the $ORIGIN special value in various LD_ environment variables allowed local attackers to execute code in context of e.g. setuid root programs, elevating privileges. This issue does not affect SUSE as an assertion triggers before the respective code is executed. The bug was fixed nevertheless.
CVE-2010-3856: The LD_AUDIT environment was not pruned during setuid root execution and could load shared libraries from standard system library paths. This could be used by local attackers to inject code into setuid root programs and so elevated privileges.
SolutionUpdate the affected glibc packages.