Package: libc6
Version: 2.3.4-1
Severity: important

libacl/libcrypto/libasound all have PT_GNU_STACK enabled on them in
glibc 2.3.4-1, making them request an executable stack when none is
needed. This severely breaks a PaX system and effectively backdoors
most applications on systems using exec-shield.

Here's the relevant readelf -e output for libacl. It would be wise for
Debian to check all packages for these same kinds of problems now to
avoid causing lots of problems later when glibc 2.3.4 goes into
unstable.

Since this problem causes security features to be silently disabled in
the case of exec-shield, it is a security issue in addition to a large
usability problem in the case of PaX.

Program Headers:
  Type           Offset   VirtAddr   PhysAddr   FileSiz MemSiz  Flg Align
  LOAD           0x000000 0x00000000 0x00000000 0x051b6 0x051b6 R E 0x1000
  LOAD           0x0051b8 0x000061b8 0x000061b8 0x001dc 0x001fc RW  0x1000
  DYNAMIC        0x0051cc 0x000061cc 0x000061cc 0x000e0 0x000e0 RW  0x4
  STACK          0x000000 0x00000000 0x00000000 0x00000 0x00000 RWE 0x4

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.11.5-grsec
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)

Versions of packages libc6 depends on:
ii  libdb1-compat               2.1.3-7      The Berkeley database routines [gl

-- no debconf information