TORCS - The Open Racing Car Simulator / Bugs / #99 [Patch] CVE-2010-3384: insecure library loading

#99 [Patch] CVE-2010-3384: insecure library loading

Status: closed

Owner: Bernhard Wymann

Labels: game engine (30)

Priority: 1

Updated: 2012-07-03

Created: 2010-10-17

Creator: Rudy Godoy

Private: No

Please, find attached a patch for the CVE vulnerability issue encountered by the Debian team.

Description:
The vulnerability is introduced by an insecure change to LD_LIBRARY_PATH, and environment variable used by ld.so(8) to look for libraries on a directory other than the standard paths.

Discussion

Rudy Godoy - 2010-10-17

CVE-2010-3384

04-cve-2010-3384.patch

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Rudy Godoy - 2010-10-17

More details can be found here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=598306

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Bernhard Wymann - 2011-12-29

will be in 1.3.2

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

[Patch] CVE-2010-3384: insecure library loading

Group

Searches

Help

#99 [Patch] CVE-2010-3384: insecure library loading

Discussion