Package name
valgrind
Date
2009-02-26
Advisory ID
MDVSA-2009:057
Affected versions
2009.0 x86_64, 2008.0 i586, 2009.0 i586, 2008.0 x86_64, 2008.1 x86_64, 2008.1 i586

Problem description

A vulnerability has been identified and corrected in valgrind:

Untrusted search path vulnerability in valgrind before 3.4.0
allows local users to execute arbitrary programs via a Trojan horse
.valgrindrc file in the current working directory, as demonstrated
using a malicious --db-command option. NOTE: the severity of this
issue has been disputed, but CVE is including this issue because
execution of a program from an untrusted directory is a common
scenario. (CVE-2008-4865)

The updated packages have been patched to prevent this.
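
A defensive check for the condition described above, as an added example that is not part of the advisory or of the valgrind patch: it inspects the .valgrindrc in a given directory and reports foreign ownership, world-writability and any --db-command line. The function names, the choice of checks and the sample file are assumptions of this example.

```python
import os
import stat
import tempfile

RC_NAME = ".valgrindrc"
RISKY_OPTION = "--db-command"  # the option named in the advisory


def audit_valgrindrc(directory, uid=None):
    """Return findings for directory/.valgrindrc; an empty list means nothing to report."""
    uid = os.getuid() if uid is None else uid
    path = os.path.join(directory, RC_NAME)
    try:
        st = os.lstat(path)  # lstat: do not follow a symlink placed in the directory
    except FileNotFoundError:
        return []
    if not stat.S_ISREG(st.st_mode):
        return ["not a regular file"]
    findings = []
    if st.st_uid != uid:
        findings.append("owned by uid %d, not uid %d" % (st.st_uid, uid))
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    try:
        with open(path, "r", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                if RISKY_OPTION in line:
                    findings.append("line %d sets %s" % (lineno, RISKY_OPTION))
    except OSError as exc:
        findings.append("unreadable: %s" % exc.strerror)
    return findings


def make_sample(content, mode):
    """Create a temporary directory holding a constructed .valgrindrc (sample data)."""
    directory = tempfile.mkdtemp()
    path = os.path.join(directory, RC_NAME)
    with open(path, "w") as fh:
        fh.write(content)
    os.chmod(path, mode)
    return directory


if __name__ == "__main__":
    # Constructed sample: the command path is a placeholder, not taken from the advisory.
    sample = make_sample("--leak-check=full\n--db-command=/path/to/placeholder %f %l\n", 0o666)
    for finding in audit_valgrindrc(sample) or ["nothing to report"]:
        print(finding)
```

Running it against a shared or freshly unpacked directory before invoking an unpatched valgrind there shows whether a local .valgrindrc would influence the run.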

Updated packages

2009.0 x86_64

 b0b4fecae9ffd5613c4ebfcb369ba23f  2009.0/x86_64/valgrind-3.3.1-2.1mdv2009.0.x86_64.rpm 
 49a62badfb184864bd5764f1d3b8280b  2009.0/SRPMS/valgrind-3.3.1-2.1mdv2009.0.src.rpm

2008.0 i586

 7d2fdce148a8c9883262ff3d6b2cf843  2008.0/i586/valgrind-3.2.3-2.2mdv2008.0.i586.rpm 
 a204fd31df3f302c19b8e6c74bd58eb1  2008.0/SRPMS/valgrind-3.2.3-2.2mdv2008.0.src.rpm

2009.0 i586

 c61e803ffafdcfbf889b604dec79fa4e  2009.0/i586/valgrind-3.3.1-2.1mdv2009.0.i586.rpm 
 49a62badfb184864bd5764f1d3b8280b  2009.0/SRPMS/valgrind-3.3.1-2.1mdv2009.0.src.rpm

2008.0 x86_64

 dfe5025371c9dc804b71e84081a62743  2008.0/x86_64/valgrind-3.2.3-2.2mdv2008.0.x86_64.rpm 
 a204fd31df3f302c19b8e6c74bd58eb1  2008.0/SRPMS/valgrind-3.2.3-2.2mdv2008.0.src.rpm

2008.1 x86_64

 2e16854eec6bc05f5a6d39e1fef120be  2008.1/x86_64/valgrind-3.3.0-3.1mdv2008.1.x86_64.rpm 
 391e202fc7f592ba63280a34245bb255  2008.1/SRPMS/valgrind-3.3.0-3.1mdv2008.1.src.rpm

2008.1 i586

 c8df0a495d0d70b8dd619044440037e2  2008.1/i586/valgrind-3.3.0-3.1mdv2008.1.i586.rpm 
 391e202fc7f592ba63280a34245bb255  2008.1/SRPMS/valgrind-3.3.0-3.1mdv2008.1.src.rpm

References