[Debian-ha-maintainers] Bug#598549: [Linux-ha-dev] Fwd: Bug#598549: cluster-agents: CVE-2010-3389: insecure library loading
Aníbal Monsalve Salazar
anibal at debian.org
Fri Oct 1 09:55:02 UTC 2010
On Thu, Sep 30, 2010 at 10:44:42AM +0900, Simon Horman wrote:
>I received this through the Debian bug tracker.
>Its not immediately clear to me what an appropriate fix would be.
The following diff shows how I fixed "qtparted: CVE-2010-3375: insecure
library loading" bug.
-export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
+LD_LIBRARY_PATH=$( echo "$LD_LIBRARY_PATH" | sed "s/\s//g" )
+if [ -n "$LD_LIBRARY_PATH" ]
+then
+ export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH"
+else
+ export LD_LIBRARY_PATH="$QTDIR/lib"
+fi
export PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH
Please note that if you also set PATH as above, you'll have to check
$PATH before adding it with ":$PATH" to PATH.
if $PATH is empty then ":$PATH" is equivalent to ":." and you don't want
to add "." to the path search.
More information about the Debian-ha-maintainers
mailing list