=========================================================== Ubuntu Security Notice USN-4-1 October 27, 2004 Standard C library script vulnerabilities CAN-2004-0968 ===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
The following packages are affected:
libc6
The problem can be corrected by upgrading the affected package to version 2.3.2.ds1-13ubuntu2.2. In general, a standard system upgrade is sufficient to effect the necessary changes.
Details follow:
Recently, Trustix Secure Linux discovered some vulnerabilities in the libc6 package. The utilities "catchsegv" and "glibcbug" created temporary files in an insecure way, which allowed a symlink attack to create or overwrite arbitrary files with the privileges of the user invoking the program.