Launchpad CVE tracker

CVE 2011-1089

The addmntent function in the GNU C Library (aka glibc or libc6) 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296.

Related bugs and status

CVE-2011-1089 (Candidate) is related to these bugs:

Bug #791315: libnih version 1.0.3-4ubuntu1 failed to build on armel

		In	Importance	Status
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	libnih (Ubuntu)	Undecided	Fix Released
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	eglibc (Ubuntu)	Medium	Fix Released
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	Linaro GCC	Undecided	Invalid
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	eglibc (Ubuntu Lucid)	Medium	Won't Fix
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	libnih (Ubuntu Lucid)	Undecided	Won't Fix
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	eglibc (Ubuntu Maverick)	Medium	Won't Fix
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	libnih (Ubuntu Maverick)	Undecided	Won't Fix
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	eglibc (Ubuntu Natty)	Medium	Won't Fix
791315	libnih version 1.0.3-4ubuntu1 failed to build on armel	libnih (Ubuntu Natty)	Undecided	Won't Fix

Bug #799673: localedef doesn't know about rupee symbol

Summary				In	Importance	Status
	799673	localedef doesn't know about rupee symbol		eglibc (Ubuntu)	Low	Fix Released
	799673	localedef doesn't know about rupee symbol		langpack-locales (Ubuntu)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1089

References