CVE-2017-1000366 (retired)

Priority
Description
glibc contains a vulnerability that allows specially crafted
LD_LIBRARY_PATH values to manipulate the heap/stack, causing them to alias,
potentially resulting in arbitrary code execution. Please note that
additional hardening changes have been made to glibc to prevent
manipulation of stack and heap memory, but these issues are not directly
exploitable; as such, they have not been given a CVE. This affects glibc
2.25 and earlier.
Ubuntu-Description
It was discovered that the GNU C library did not properly handle
memory when processing environment variables for setuid programs.
A local attacker could use this in combination with another
vulnerability to gain administrative privileges.
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): released (2.15-0ubuntu10.20)
Ubuntu 14.04 LTS (Trusty Tahr): released (2.19-0ubuntu6.13)
Ubuntu 16.04 LTS (Xenial Xerus): DNE
Package
Source: glibc (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 LTS (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): released (2.23-0ubuntu9)
More Information

Updated: 2019-03-26 12:24:17 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)