Steve Kemp wrote:
> > Due to a bug in the environment variable substitution code it is
> > possible to inject environment variables such as LD_PRELOAD and gain a
> > root shell.
Charles Stevenson discovered that osh, the operator's shell for
executing defined programs in a privileged environment, does not
handle environment variables properly, allowing a local attacker to
open a root shell.
Please take care of the package for woody as well.
Regards,
Joey
--
This is GNU/Linux Country. On a quiet night, you can hear Windows reboot.
Please always Cc to me when replying to me on the lists.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
