CVE-2011-1095

locale/programs/locale.c in locale in the GNU C Library (aka glibc or
libc6) before 2.13 does not quote its output, which might allow local users
to gain privileges via a crafted localization environment variable, in
conjunction with a program that executes a script that uses the eval
function.

Bugs

• <http://bugs.gentoo.org/show_bug.cgi?id=330923&gt;
• <http://sources.redhat.com/bugzilla/show_bug.cgi?id=11904&gt;
• <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-1095&gt;