CVE-2010-3385: insecure library loading
Bug #660923 reported by
Micah Gersten
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tuxguitar (Ubuntu) |
Fix Released
|
Low
|
Micah Gersten | ||
Lucid |
Fix Released
|
Low
|
Unassigned | ||
Maverick |
Fix Released
|
Low
|
Unassigned |
Bug Description
Binary package hint: tuxguitar
Originally from Debian #598307
The vulnerability is introduced by an insecure change to
LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for
libraries on a directory other than the standard paths.
Vulnerable code follows:
/usr/bin/tuxguitar line 129:
export LD_LIBRARY_
CVE References
visibility: | private → public |
To post a comment you must log in.
I have the natty merge ready, just want to verify changelog before uploading.