(RHSA-2010:0787) Important: glibc security update

2010-10-20T04:00:00
ID RHSA-2010:0787
Type redhat
Reporter RedHat
Modified 2017-09-08T11:48:08

Description

The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)

Red Hat would like to thank Tavis Ormandy for reporting this issue.

All users should upgrade to these updated packages, which contain a backported patch to correct this issue.