Debian DLA-43-1 : eglibc security update

CVE-2014-0475 Stephane Chazelas discovered that the GNU C library, glibc, processed '..' path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings...

[SECURITY] [DSA 2976-1] eglibc security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2976-1 [email protected] http://www.debian.org/security/ Florian Weimer July 10, 2014 http://www.debian.org/security/faq -...