Test ID:	1.3.6.1.4.1.25623.1.0.702976
Category:	Debian Local Security Checks
Title:	Debian Security Advisory DSA 2976-1 (eglibc - security update)
Summary:	Stephane Chazelas discovered that the GNU C library, glibc, processed;'..' path segments in locale-related environment variables, possibly;allowing attackers to circumvent intended restrictions, such as;ForceCommand in OpenSSH, assuming that they can supply crafted locale;settings.
Description:	Summary: Stephane Chazelas discovered that the GNU C library, glibc, processed '..' path segments in locale-related environment variables, possibly allowing attackers to circumvent intended restrictions, such as ForceCommand in OpenSSH, assuming that they can supply crafted locale settings. Affected Software/OS: eglibc on Debian Linux Solution: For the stable distribution (wheezy), this problem has been fixed in version 2.13-38+deb7u3. This update also includes changes previously scheduled for the next wheezy point release as version 2.13-38+deb7u2. See the Debian changelog for details. We recommend that you upgrade your eglibc packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2014-0475 BugTraq ID: 68505 http://www.securityfocus.com/bid/68505 Debian Security Information: DSA-2976 (Google Search) http://www.debian.org/security/2014/dsa-2976 https://security.gentoo.org/glsa/201602-02 http://www.mandriva.com/security/advisories?name=MDVSA-2014:152 http://www.openwall.com/lists/oss-security/2014/07/10/7 http://www.openwall.com/lists/oss-security/2014/07/14/6 RedHat Security Advisories: RHSA-2014:1110 https://rhn.redhat.com/errata/RHSA-2014-1110.html http://www.securitytracker.com/id/1030569
Copyright	Copyright (c) 2014 Greenbone Networks GmbH http://greenbone.net

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.