MDVSA-2009:057
- Package name
- valgrind
- Date
- 2009-02-26
- Advisory ID
- MDVSA-2009:057
- Affected versions
- 2009.0 x86_64 , 2008.0 i586 , 2009.0 i586 , 2008.0 x86_64 , 2008.1 x86_64 , 2008.1 i586
Problem description
A vulnerability has been identified and corrected in valgrind:
Untrusted search path vulnerability in valgrind before 3.4.0
allows local users to execute arbitrary programs via a Trojan horse
.valgrindrc file in the current working directory, as demonstrated
using a malicious --db-command options. NOTE: the severity of this
issue has been disputed, but CVE is including this issue because
execution of a program from an untrusted directory is a common
scenario. (CVE-2008-4865)
The updated packages have been patched to prevent this.
Updated packages
2009.0 x86_64
b0b4fecae9ffd5613c4ebfcb369ba23f 2009.0/x86_64/valgrind-3.3.1-2.1mdv2009.0.x86_64.rpm 49a62badfb184864bd5764f1d3b8280b 2009.0/SRPMS/valgrind-3.3.1-2.1mdv2009.0.src.rpm
2008.0 i586
7d2fdce148a8c9883262ff3d6b2cf843 2008.0/i586/valgrind-3.2.3-2.2mdv2008.0.i586.rpm a204fd31df3f302c19b8e6c74bd58eb1 2008.0/SRPMS/valgrind-3.2.3-2.2mdv2008.0.src.rpm
2009.0 i586
c61e803ffafdcfbf889b604dec79fa4e 2009.0/i586/valgrind-3.3.1-2.1mdv2009.0.i586.rpm 49a62badfb184864bd5764f1d3b8280b 2009.0/SRPMS/valgrind-3.3.1-2.1mdv2009.0.src.rpm
2008.0 x86_64
dfe5025371c9dc804b71e84081a62743 2008.0/x86_64/valgrind-3.2.3-2.2mdv2008.0.x86_64.rpm a204fd31df3f302c19b8e6c74bd58eb1 2008.0/SRPMS/valgrind-3.2.3-2.2mdv2008.0.src.rpm
2008.1 x86_64
2e16854eec6bc05f5a6d39e1fef120be 2008.1/x86_64/valgrind-3.3.0-3.1mdv2008.1.x86_64.rpm 391e202fc7f592ba63280a34245bb255 2008.1/SRPMS/valgrind-3.3.0-3.1mdv2008.1.src.rpm
2008.1 i586
c8df0a495d0d70b8dd619044440037e2 2008.1/i586/valgrind-3.3.0-3.1mdv2008.1.i586.rpm 391e202fc7f592ba63280a34245bb255 2008.1/SRPMS/valgrind-3.3.0-3.1mdv2008.1.src.rpm