Debian Linux Security Advisory 2058-1 - Several vulnerabilities have been discovered in the GNU C Library (aka glibc) and its derivatives.
a3e6451fc8bc3981f5bacfe1586c02bc17698e70155ea54426f4c30b9fb42d4b
Ubuntu Security Notice 944-1 - Maksymilian Arciemowicz discovered that the GNU C library did not correctly handle integer overflows in the strfmon function. If a user or automated system were tricked into processing a specially crafted format string, a remote attacker could crash applications, leading to a denial of service. (Ubuntu 10.04 was not affected.) Jeff Layton and Dan Rosenberg discovered that the GNU C library did not correctly handle newlines in the mntent family of functions. If a local attacker were able to inject newlines into a mount entry through other vulnerable mount helpers, they could disrupt the system or possibly gain root privileges. Dan Rosenberg discovered that the GNU C library did not correctly validate certain ELF program headers. If a user or automated system were tricked into verifying a specially crafted ELF program, a remote attacker could execute arbitrary code with user privileges.
3912a2ecbd425f205230279f33dba703af4f372c3f17130c8ea1d9cf79a904f4
FreeBSD and NetBSD suffer from multiple vulnerabilities in libc in the strfmon() function.
cbe3c1735c6036b3a1b56bde659692782a69127f4311229609029b7922bf0442