Rapid7 Vulnerability & Exploit Database

RHSA-2011:1526: glibc security, bug fix, and enhancement update

Back to Search

RHSA-2011:1526: glibc security, bug fix, and enhancement update



The glibc packages contain the standard C libraries used by multipleprograms on the system. These packages contain the standard C and thestandard math libraries. Without these two libraries, a Linux systemcannot function properly.A flaw was found in the way the ldd utility identified dynamically linkedlibraries. If an attacker could trick a user into running ldd on amalicious binary, it could result in arbitrary code execution with theprivileges of the user running ldd. (CVE-2009-5064)It was found that the glibc addmntent() function, used by various mounthelper utilities, did not handle certain errors correctly when updating themtab (mounted file systems table) file. If such utilities had the setuidbit set, a local attacker could use this flaw to corrupt the mtab file.(CVE-2011-1089)Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089issue.This update also fixes several bugs and adds various enhancements.Documentation for these bug fixes and enhancements will be availableshortly from the Technical Notes document, linked to in the Referencessection.Users are advised to upgrade to these updated glibc packages, which containbackported patches to resolve these issues and add these enhancements.


  • redhat-upgrade-glibc
  • redhat-upgrade-glibc-common
  • redhat-upgrade-glibc-debuginfo
  • redhat-upgrade-glibc-debuginfo-common
  • redhat-upgrade-glibc-devel
  • redhat-upgrade-glibc-headers
  • redhat-upgrade-glibc-static
  • redhat-upgrade-glibc-utils
  • redhat-upgrade-nscd

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center