Ubuntu Update for Linux kernel vulnerabilities USN-1009-2

Please Install the Updated Packages.

USN-1009-1 fixed vulnerabilities in the GNU C library. Colin Watson discovered that the fixes were incomplete and introduced flaws with setuid programs loading libraries that used dynamic string tokens in their RPATH. If the &quot man&quot program was installed setuid, a local attacker could exploit this to gain &quot man&quot user privileges, potentially leading to further privilege escalations. Default Ubuntu installations were not affected. Original advisory details: Tavis Ormandy discovered multiple flaws in the GNU C Library's handling of the LD_AUDIT environment variable when running a privileged binary. A local attacker could exploit this to gain root privileges. (CVE-2010-3847, CVE-2010-3856)

eglibc, glibc vulnerability on Ubuntu 8.04 LTS , Ubuntu 9.10 , Ubuntu 10.04 LTS , Ubuntu 10.10