ID CVE-2009-3736
Summary ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
References
Vulnerable Configurations
  • GNU libtool 1.5
    cpe:2.3:a:gnu:libtool:1.5
  • cpe:2.3:a:gnu:libtool:2.2.6a
    cpe:2.3:a:gnu:libtool:2.2.6a
  • cpe:2.3:a:gnu:libtool:1.5.2
    cpe:2.3:a:gnu:libtool:1.5.2
  • cpe:2.3:a:gnu:libtool:1.5.4
    cpe:2.3:a:gnu:libtool:1.5.4
  • cpe:2.3:a:gnu:libtool:1.5.6
    cpe:2.3:a:gnu:libtool:1.5.6
  • cpe:2.3:a:gnu:libtool:1.5.8
    cpe:2.3:a:gnu:libtool:1.5.8
  • cpe:2.3:a:gnu:libtool:1.5.10
    cpe:2.3:a:gnu:libtool:1.5.10
  • cpe:2.3:a:gnu:libtool:1.5.12
    cpe:2.3:a:gnu:libtool:1.5.12
  • cpe:2.3:a:gnu:libtool:1.5.14
    cpe:2.3:a:gnu:libtool:1.5.14
  • cpe:2.3:a:gnu:libtool:1.5.16
    cpe:2.3:a:gnu:libtool:1.5.16
  • cpe:2.3:a:gnu:libtool:1.5.18
    cpe:2.3:a:gnu:libtool:1.5.18
  • cpe:2.3:a:gnu:libtool:1.5.20
    cpe:2.3:a:gnu:libtool:1.5.20
  • cpe:2.3:a:gnu:libtool:1.5.22
    cpe:2.3:a:gnu:libtool:1.5.22
  • cpe:2.3:a:gnu:libtool:1.5.24
    cpe:2.3:a:gnu:libtool:1.5.24
  • cpe:2.3:a:gnu:libtool:1.5.26
    cpe:2.3:a:gnu:libtool:1.5.26
CVSS
Base: 6.9 (as of 30-11-2009 - 11:41)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-105.NASL
    description This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201). A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Addittionaly this update provides following bug fixes : OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195). Template desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin (#56439). libia_ora-gnome is added as suggest as long as that package is needed for a better look (#57385#c28). It is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed (#57530#c1, #53284, #45133, #39043) It is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser. Further packages were provided to supply OpenOffice.org. 3.1.1 dependencies.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 46699
    published 2010-05-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46699
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:105)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-056.NASL
    description This update provides the OpenOffice.org 3.0 major version and holds the security fixes for the following issues : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document leading to a heap-based buffer overflow (CVE-2009-0200). An heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document related to table parsing. (CVE-2009-0201). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Additional packages are also being provided due to dependencies. Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 44996
    published 2010-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44996
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:056)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201311-10.NASL
    description The remote host is affected by the vulnerability described in GLSA-201311-10 (GraphicsMagick: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in GraphicsMagick. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could entice a user to open a specially crafted image file, potentially resulting in arbitrary code execution or a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 70959
    published 2013-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70959
    title GLSA-201311-10 : GraphicsMagick: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-318.NASL
    description Multiple security vulnerabilities has been identified and fixed in xmlsec1 : A missing check for the recommended minimum length of the truncated form of HMAC-based XML signatures was found in xmlsec1 prior to 1.2.12. An attacker could use this flaw to create a specially crafted XML file that forges an XML signature, allowing the attacker to bypass authentication that is based on the XML Signature specification (CVE-2009-0217). All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update fixes this vulnerability.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43021
    published 2009-12-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43021
    title Mandriva Linux Security Advisory : xmlsec1 (MDVSA-2009:318)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2010-0039.NASL
    description From Red Hat Security Advisory 2010:0039 : Updated gcc and gcc4 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool's libltdl library. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736) All gcc and gcc4 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running Java applications using libgcj must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67985
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67985
    title Oracle Linux 3 / 4 / 5 : gcc / gcc4 (ELSA-2010-0039)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1958.NASL
    description It was discovered that ltdl, a system-independent dlopen wrapper for GNU libtool, can be tricked to load and run modules from an arbitrary directory, which might be used to execute arbitrary code with the privileges of the user running an application that uses libltdl.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44823
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44823
    title Debian DSA-1958-1 : libtool - privilege escalation
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-4340.NASL
    description Remove embedded ltdl to fix CVE-2009-3736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 47356
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47356
    title Fedora 13 : gnu-smalltalk-3.1-8.fc13 (2010-4340)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTOOL-6678.NASL
    description libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2018-09-02
    modified 2012-05-17
    plugin id 43634
    published 2010-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43634
    title SuSE 10 Security Update : libtool (ZYPP Patch Number 6678)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-2943.NASL
    description Not sure whether mingw32-libltdl (due to its special nature in being for cross- compilation development for an entirely different system) is actually affected by CVE-2009-3736, but this should make sure everything is fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 47296
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47296
    title Fedora 11 : mingw32-libltdl-1.5.26-17.fc11 (2010-2943)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-1967.NASL
    description Rebuilt against system libltdl. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 52539
    published 2011-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52539
    title Fedora 14 : q-7.11-8.fc14 (2011-1967)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-035.NASL
    description This updates provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follow : An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow (CVE-2009-0200). A heap-based buffer overflow might allow remote attackers to execute arbitrary code via unspecified records in a crafted Word document, related to table parsing (CVE-2009-0201). A heap-based buffer overflow allows remote attackers to execute arbitrary code via a crafted EMF file (CVE-2009-2139). Multiple heap-based buffer overflows allow remote attackers to execute arbitrary code via a crafted EMF+ file (CVE-2009-2140). OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Further this update provides following bug fixes : OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195). As the template desktop icons are not properly set, it's not presented under the context menu of applications like Dolphin (#56439). The Firefox plugin which enables viewing of OpenOffice documents inside the browser was not enabled.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 48172
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48172
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:035)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12554.NASL
    description libltdl of libtool may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 44929
    published 2010-03-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44929
    title SuSE9 Security Update : libtool (YOU Patch Number 12554)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-1958.NASL
    description Rebuilt against system libltdl. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 52538
    published 2011-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52538
    title Fedora 13 : q-7.11-8.fc13 (2011-1958)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-4339.NASL
    description Remove embedded ltdl to fix CVE-2009-3736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47355
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47355
    title Fedora 12 : gnu-smalltalk-3.1-8.fc12 (2010-4339)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-1646.NASL
    description Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool's libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. (CVE-2009-3736) All libtool users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications using the libltdl library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43070
    published 2009-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43070
    title CentOS 3 / 4 / 5 : libtool (CESA-2009:1646)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2010-0039.NASL
    description Updated gcc and gcc4 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool's libltdl library. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736) All gcc and gcc4 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running Java applications using libgcj must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43882
    published 2010-01-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43882
    title RHEL 3 / 4 / 5 : gcc and gcc4 (RHSA-2010:0039)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-3314.NASL
    description This update patches the bundled copy of libltdl library which was vulnerable to CVE-2009-3736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47307
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47307
    title Fedora 11 : esorex-3.7.2-3.fc11 (2010-3314)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-4098.NASL
    description This update patches the bundled copy of libltdl library which was vulnerable to CVE-2009-3736. This update allows esorex to be built with the new ImplicitDSOLinking behaviour of F-13 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 47338
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47338
    title Fedora 13 : esorex-3.7.2-6.fc13 (2010-4098)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1872.NASL
    description Fix package so that it uses the system copy of libtool-ltdl, and get rid of the ancient embedded copy, which suffers from the vulnerability in CVE-2009-3736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47280
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47280
    title Fedora 12 : gambas-1.0.19-12.fc12 (2010-1872)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20100113_GCC_AND_GCC4_ON_SL3_X.NASL
    description CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736) All running Java applications using libgcj must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60722
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60722
    title Scientific Linux Security Update : gcc and gcc4 on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_77C14729DC5E11DE92AE02E0184B8D35.NASL
    description Secunia.com Do not attempt to load an unqualified module.la file from the current directory (by default) since doing so is insecure and is not compliant with the documentation.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 42912
    published 2009-11-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42912
    title FreeBSD : libtool -- Library Search Path Privilege Escalation Issue (77c14729-dc5e-11de-92ae-02e0184b8d35)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-4352.NASL
    description - Thu Mar 11 2010 Lucian Langa - 1.2.8-4 - kill rpath - use system ltdl (#563975) - fix documents install - misc cleanups Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47358
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47358
    title Fedora 11 : hamlib-1.2.8-4.fc11 (2010-4352)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-1646.NASL
    description From Red Hat Security Advisory 2009:1646 : Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool's libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. (CVE-2009-3736) All libtool users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications using the libltdl library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67968
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67968
    title Oracle Linux 3 / 4 / 5 : libtool (ELSA-2009-1646)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBLTDL-3-091201.NASL
    description libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 43630
    published 2010-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43630
    title openSUSE Security Update : libltdl-3 (libltdl-3-1638)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-307.NASL
    description A vulnerability was discovered and corrected in libtool : All versions of libtool prior to 2.2.6b suffers from a local privilege escalation vulnerability that could be exploited under certain conditions to load arbitrary code (CVE-2009-3736). This advisory fixes this issue. Additionally, all applications embedding the libtool code were patched in order to avoid possible future exploitations of this issue. Update : Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 42943
    published 2009-12-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=42943
    title Mandriva Linux Security Advisory : libtool (MDVSA-2009:307-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-4407.NASL
    description - Thu Mar 11 2010 Lucian Langa - 1.2.10-2 - kill rpath - misc cleanups - use system ltdl (#563975) - Sat Nov 7 2009 Lucian Langa - 1.2.10-1 - new upstream release Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47361
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47361
    title Fedora 12 : hamlib-1.2.10-2.fc12 (2010-4407)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_2_LIBLTDL-3-091202.NASL
    description libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 43632
    published 2010-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43632
    title openSUSE Security Update : libltdl-3 (libltdl-3-1638)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2010-075.NASL
    description This updates provides a security update to the OpenOffice.org described as follow : OpenOffice's xmlsec uses a bundled Libtool which might load .la file in the current working directory allowing local users to gain privileges via a Trojan horse file. For enabling such vulnerability xmlsec has to use --enable-crypto_dl building flag however it does not, although the fix keeps protected against this threat whenever that flag had been enabled (CVE-2009-3736). Addittionaly this update provides following bug fixes : OpenOffice.org is not properly configure to use the xdg-email functionality of the FreeDesktop standard (#52195). Template desktop icons are not properly set up then they are not presented under the context menu of applications like Dolphin (#56439). libia_ora-gnome is added as suggest as long as that package is needed for a better look (#57385#c28). It is enabled a fallback logic to properly select an OpenOffice.org style whenever one is set up but that is not installed (#57530#c1, #53284, #45133, #39043) It is enabled the Firefox plugin for viewing OpenOffice.org documents inside browser.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 48178
    published 2010-07-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=48178
    title Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:075)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-8756.NASL
    description This update addresses CVE-2009-3736: libltdl may load and execute code from a library in the current directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47511
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47511
    title Fedora 12 : libprelude-0.9.24.1-2.fc12 (2010-8756)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2011-1990.NASL
    description Rebuilt against system libltdl. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 52519
    published 2011-03-03
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=52519
    title Fedora 15 : q-7.11-10.fc15 (2011-1990)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1924.NASL
    description Fix package so that it uses the system copy of libtool-ltdl, and get rid of the ancient embedded copy, which suffers from the vulnerability in CVE-2009-3736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47283
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47283
    title Fedora 11 : gambas-1.0.19-12.fc11 (2010-1924)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-3216.NASL
    description This update patches the bundled copy of libltdl library which was vulnerable to CVE-2009-3736. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47301
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47301
    title Fedora 12 : esorex-3.7.2-5.fc12 (2010-3216)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20091208_LIBTOOL_ON_SL3_X.NASL
    description CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory A flaw was found in the way GNU Libtool's libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. (CVE-2009-3736) After installing the updated packages, applications using the libltdl library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60702
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60702
    title Scientific Linux Security Update : libtool on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1820.NASL
    description This update makes Gnash use the system version of the libltdl library instead of the bundled copy which was vulnerable to CVE-2009-3736. An update to the system libltdl fixing CVE-2009-3736 was issued on December 29, 2009. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47273
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47273
    title Fedora 12 : gnash-0.8.6-13.fc12 (2010-1820)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBTOOL-6683.NASL
    description libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2018-09-01
    modified 2012-05-17
    plugin id 49884
    published 2010-10-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=49884
    title SuSE 10 Security Update : libtool (ZYPP Patch Number 6683)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009_REMOTE.NASL
    description The remote VMware ESX / ESXi host is missing a security-related patch. It is, therefore, affected by multiple vulnerabilities, including remote code execution vulnerabilities, in several components and third-party libraries : - libpng - VMnc Codec - vmrun - VMware Remote Console (VMrc) - VMware Tools - vmware-authd
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 89740
    published 2016-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=89740
    title VMware ESX / ESXi Third-Party Libraries and Components (VMSA-2010-0009) (remote check)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2010-0009.NASL
    description a. Service Console update for COS kernel Updated COS package 'kernel' addresses the security issues that are fixed through versions 2.6.18-164.11.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613 to the security issues fixed in kernel 2.6.18-164.6.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-3612, CVE-2009-3620, CVE-2009-3621, CVE-2009-3726 to the security issues fixed in kernel 2.6.18-164.9.1. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2007-4567, CVE-2009-4536, CVE-2009-4537, CVE-2009-4538 to the security issues fixed in kernel 2.6.18-164.10.1 The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2006-6304, CVE-2009-2910, CVE-2009-3080, CVE-2009-3556, CVE-2009-3889, CVE-2009-3939, CVE-2009-4020, CVE-2009-4021, CVE-2009-4138, CVE-2009-4141, and CVE-2009-4272 to the security issues fixed in kernel 2.6.18-164.11.1. b. ESXi userworld update for ntp The Network Time Protocol (NTP) is used to synchronize the time of a computer client or server to another server or reference time source. A vulnerability in ntpd could allow a remote attacker to cause a denial of service (CPU and bandwidth consumption) by using MODE_PRIVATE to send a spoofed (1) request or (2) response packet that triggers a continuous exchange of MODE_PRIVATE error responses between two NTP daemons. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3563 to this issue. c. Service Console package openssl updated to 0.9.8e-12.el5_4.1 OpenSSL is a toolkit implementing SSL v2/v3 and TLS protocols with full-strength cryptography world-wide. A memory leak in the zlib could allow a remote attacker to cause a denial of service (memory consumption) via vectors that trigger incorrect calls to the CRYPTO_cleanup_all_ex_data function. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4355 to this issue. A vulnerability was discovered which may allow remote attackers to spoof certificates by using MD2 design flaws to generate a hash collision in less than brute-force time. NOTE: the scope of this issue is currently limited because the amount of computation required is still large. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-2409 to this issue. This update also includes security fixes that were first addressed in version openssl-0.9.8e-12.el5.i386.rpm. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the names CVE-2009-0590, CVE-2009-1377, CVE-2009-1378, CVE-2009-1379, CVE-2009-1386 and CVE-2009-1387 to these issues. d. Service Console update for krb5 to 1.6.1-36.el5_4.1 and pam_krb5 to 2.2.14-15. Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. Multiple integer underflows in the AES and RC4 functionality in the crypto library could allow remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code by providing ciphertext with a length that is too short to be valid. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-4212 to this issue. The service console package for pam_krb5 is updated to version pam_krb5-2.2.14-15. This update fixes a flaw found in pam_krb5. In some non-default configurations (specifically, where pam_krb5 would be the first module to prompt for a password), a remote attacker could use this flaw to recognize valid usernames, which would aid a dictionary-based password guess attack. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-1384 to this issue. e. Service Console package bind updated to 9.3.6-4.P1.el5_4.2 BIND (Berkeley Internet Name Daemon) is by far the most widely used Domain Name System (DNS) software on the Internet. A vulnerability was discovered which could allow remote attacker to add the Authenticated Data (AD) flag to a forged NXDOMAIN response for an existing domain. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0097 to this issue. A vulnerability was discovered which could allow remote attackers to conduct DNS cache poisoning attacks by receiving a recursive client query and sending a response that contains CNAME or DNAME records, which do not have the intended validation before caching. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0290 to this issue. A vulnerability was found in the way that bind handles out-of- bailiwick data accompanying a secure response without re-fetching from the original source, which could allow remote attackers to have an unspecified impact via a crafted response. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0382 to this issue. NOTE: ESX does not use the BIND name service daemon by default. f. Service Console package gcc updated to 3.2.3-60 The GNU Compiler Collection includes front ends for C, C++, Objective-C, Fortran, Java, and Ada, as well as libraries for these languages GNU Libtool's ltdl.c attempts to open .la library files in the current working directory. This could allow a local user to gain privileges via a Trojan horse file. The GNU C Compiler collection (gcc) provided in ESX contains a statically linked version of the vulnerable code, and is being replaced. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2009-3736 to this issue. g. Service Console package gzip update to 1.3.3-15.rhel3 gzip is a software application used for file compression An integer underflow in gzip's unlzw function on 64-bit platforms may allow a remote attacker to trigger an array index error leading to a denial of service (application crash) or possibly execute arbitrary code via a crafted LZW compressed file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0001 to this issue. h. Service Console package sudo updated to 1.6.9p17-6.el5_4 Sudo (su 'do') allows a system administrator to delegate authority to give certain users (or groups of users) the ability to run some (or all) commands as root or another user while providing an audit trail of the commands and their arguments. When a pseudo-command is enabled, sudo permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0426 to this issue. When the runas_default option is used, sudo does not properly set group memberships, which allows local users to gain privileges via a sudo command. The Common Vulnerabilities and Exposures Project (cve.mitre.org) has assigned the name CVE-2010-0427 to this issue.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 46765
    published 2010-06-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=46765
    title VMSA-2010-0009 : ESXi ntp and ESX Service Console third-party updates
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBLTDL7-091201.NASL
    description libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 43633
    published 2010-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43633
    title SuSE 11 Security Update : libtool (SAT Patch Number 1626)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12725.NASL
    description - Thu Dec 3 2009 Karsten Hopp 2.2.6-11.3 - require gcc-4.4.1 from F-11-updates - Wed Dec 2 2009 Karsten Hopp 2.2.6-11.2 - update to 2.2.6b, fixes CVE-2009-3736: libltdl may load and execute code from a library in the current directory - Thu Jul 30 2009 Jakub Jelinek 2.2.6-11.fc11.1 - rebuilt against gcc-4.4.1 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43372
    published 2009-12-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43372
    title Fedora 11 : libtool-2.2.6-11.fc11.3 (2009-12725)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-2341.NASL
    description Not sure whether mingw32-libltdl (due to its special nature in being for cross- compilation development for an entirely different system) is actually affected by CVE-2009-3736, but this should make sure everything is fixed. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 47290
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47290
    title Fedora 12 : mingw32-libltdl-1.5.26-20.fc12 (2010-2341)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12813.NASL
    description - Tue Dec 22 2009 Jakub Jelinek 4.4.2-20 - fix MEM_SIZE of reload created stack slots (#548825, PR rtl-optimization/42429) - fix addition of one character long filenames in fastjar (#549493) - Thu Dec 17 2009 Jakub Jelinek 4.4.2-18 - update from gcc-4_4-branch - PRs c++/42387 - another C++ virtual dtors fix (PR c++/42386) - VTA mode and COND_EXEC fixes (PR debug/41679) - fix ICE in chrec_convert_1 (#547775) - fix debuginfo for optimized out TLS vars - use DW_AT_location with DW_OP_addr + DW_OP_stack_value instead of DW_AT_const_value with address in it, use DW_OP_addr + DW_OP_stack_value instead of DW_OP_implicit_value with address (#546017) - Mon Dec 14 2009 Jakub Jelinek 4.4.2-17 - propagate TREE_NOTHROW/TREE_READONLY/DECL_PURE_P from ipa-pure-const and EH opt to all same body aliases (#547286) - don't emit DWARF location list entries with no location or DW_AT_location with empty blocks (PR debug/41473) - fix up AMD LWP support - don't crash when mangling C++ decls inside of middle-end generated functions (PR c++/41183) - Fri Dec 11 2009 Jakub Jelinek 4.4.2-16 - update from gcc-4_4-branch - PRs c++/27425, c++/34274, c++/42301, fortran/42268, java/41991, libstdc++/42273, rtl-optimization/41574, target/41196, target/41939 target/42263 - Wed Dec 9 2009 Jakub Jelinek 4.4.2-15 - VTA backports - PRs debug/42166, debug/42234, debug/42244, debug/42299 - fix handling of C++ COMDAT virtual destructors - some x86/x86_64 FMA4, XOP, ABM and LWP fixes - fix a decltype handling bug in templates (PR c++/42277) - Fri Dec 4 2009 Jakub Jelinek 4.4.2-14 - update from gcc-4_4-branch - PRs libstdc++/42261, middle-end/42049 - backport C++0x ICE fix from trunk (PR c++/42266) - fortran !$omp workshare improvements (PR fortran/35423) - FMA4 and XOP fixes - Wed Dec 2 2009 Jakub Jelinek 4.4.2-13 - fix security issues in libltdl bundled within libgcj (CVE-2009-3736) - Wed Dec 2 2009 Jakub Jelinek 4.4.2-12 - update from gcc-4_4-branch - PRs c++/42234, fortran/41278, fortran/41807, fortran/42162, target/42113, target/42165 - don't ICE on -O256 (#539923) - fix -mregnames on ppc/ppc64 - optimize even COMDAT constructors and destructors without virtual bases (PR c++/3187) - Mon Nov 23 2009 Jakub Jelinek 4.4.2-11 [plus 32 lines in the Changelog] Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43612
    published 2009-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43612
    title Fedora 12 : gcc-4.4.2-20.fc12 (2009-12813)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBLTDL-3-091201.NASL
    description libtool: libltdl may load modules from the current working directory. CVE-2009-3736 has been assigned to this issue.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 43629
    published 2010-01-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43629
    title openSUSE Security Update : libltdl-3 (libltdl-3-1638)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-4392.NASL
    description Remove embedded ltdl to fix CVE-2009-3736 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47360
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47360
    title Fedora 11 : gnu-smalltalk-3.1-8.fc11 (2010-4392)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2010-0039.NASL
    description Updated gcc and gcc4 packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The gcc and gcc4 packages include, among others, C, C++, and Java GNU compilers and related support libraries. libgcj contains a copy of GNU Libtool's libltdl library. A flaw was found in the way GNU Libtool's libltdl library looked for libraries to load. It was possible for libltdl to load a malicious library from the current working directory. In certain configurations, if a local attacker is able to trick a local user into running a Java application (which uses a function to load native libraries, such as System.loadLibrary) from within an attacker-controlled directory containing a malicious library or module, the attacker could possibly execute arbitrary code with the privileges of the user running the Java application. (CVE-2009-3736) All gcc and gcc4 users should upgrade to these updated packages, which contain a backported patch to correct this issue. All running Java applications using libgcj must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44027
    published 2010-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44027
    title CentOS 3 / 4 / 5 : gcc / gcc4 (CESA-2010:0039)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-12562.NASL
    description libltdl may load and execute code from a library in the current directory. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 43611
    published 2009-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43611
    title Fedora 12 : libtool-2.2.6-17.fc12 (2009-12562)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-1646.NASL
    description Updated libtool packages that fix one security issue are now available for Red Hat Enterprise Linux 3, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. GNU Libtool is a set of shell scripts which automatically configure UNIX, Linux, and similar operating systems to generically build shared libraries. A flaw was found in the way GNU Libtool's libltdl library looked for modules to load. It was possible for libltdl to load and run modules from an arbitrary library in the current working directory. If a local attacker could trick a local user into running an application (which uses libltdl) from an attacker-controlled directory containing a malicious Libtool control file (.la), the attacker could possibly execute arbitrary code with the privileges of the user running the application. (CVE-2009-3736) All libtool users should upgrade to these updated packages, which contain a backported patch to correct this issue. After installing the updated packages, applications using the libltdl library must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 43078
    published 2009-12-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43078
    title RHEL 3 / 4 / 5 : libtool (RHSA-2009:1646)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2010-1833.NASL
    description This update makes Gnash use the system version of the libltdl library instead of the bundled copy which was vulnerable to CVE-2009-3736. An update to the system libltdl fixing CVE-2009-3736 was issued on December 21, 2009. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 47274
    published 2010-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=47274
    title Fedora 11 : gnash-0.8.6-13.fc11 (2010-1833)
oval via4
  • accepted 2013-04-29T04:15:19.827-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
    family unix
    id oval:org.mitre.oval:def:11687
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
    version 25
  • accepted 2014-01-20T04:01:30.438-05:00
    class vulnerability
    contributors
    • name J. Daniel Brown
      organization DTCC
    • name Chris Coffin
      organization The MITRE Corporation
    definition_extensions
    comment VMware ESX Server 4.0 is installed
    oval oval:org.mitre.oval:def:6293
    description ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file.
    family unix
    id oval:org.mitre.oval:def:6951
    status accepted
    submitted 2010-06-01T17:30:00.000-05:00
    title GNU Libtool 'libltdl' Library Search Path Local Privilege Escalation Vulnerability
    version 9
redhat via4
advisories
  • bugzilla
    id 537941
    title CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment libtool is earlier than 0:1.4.3-7
            oval oval:com.redhat.rhsa:tst:20091646002
          • comment libtool is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091646003
        • AND
          • comment libtool-libs is earlier than 0:1.4.3-7
            oval oval:com.redhat.rhsa:tst:20091646004
          • comment libtool-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091646005
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment libtool is earlier than 0:1.5.6-5.el4_8
            oval oval:com.redhat.rhsa:tst:20091646007
          • comment libtool is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091646003
        • AND
          • comment libtool-libs is earlier than 0:1.5.6-5.el4_8
            oval oval:com.redhat.rhsa:tst:20091646008
          • comment libtool-libs is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20091646005
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment libtool is earlier than 0:1.5.22-7.el5_4
            oval oval:com.redhat.rhsa:tst:20091646010
          • comment libtool is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091646011
        • AND
          • comment libtool-ltdl is earlier than 0:1.5.22-7.el5_4
            oval oval:com.redhat.rhsa:tst:20091646014
          • comment libtool-ltdl is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091646015
        • AND
          • comment libtool-ltdl-devel is earlier than 0:1.5.22-7.el5_4
            oval oval:com.redhat.rhsa:tst:20091646012
          • comment libtool-ltdl-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20091646013
    rhsa
    id RHSA-2009:1646
    released 2009-12-08
    severity Moderate
    title RHSA-2009:1646: libtool security update (Moderate)
  • bugzilla
    id 537941
    title CVE-2009-3736 libtool: libltdl may load and execute code from a library in the current directory
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 3 is installed
        oval oval:com.redhat.rhsa:tst:20060015001
      • OR
        • AND
          • comment cpp is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039024
          • comment cpp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220023
        • AND
          • comment gcc is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039002
          • comment gcc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220003
        • AND
          • comment gcc-c++ is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039008
          • comment gcc-c++ is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220015
        • AND
          • comment gcc-c++-ppc32 is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039006
          • comment gcc-c++-ppc32 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220029
        • AND
          • comment gcc-g77 is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039032
          • comment gcc-g77 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220031
        • AND
          • comment gcc-gnat is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039016
          • comment gcc-gnat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220027
        • AND
          • comment gcc-java is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039030
          • comment gcc-java is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220005
        • AND
          • comment gcc-objc is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039034
          • comment gcc-objc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220007
        • AND
          • comment gcc-ppc32 is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039028
          • comment gcc-ppc32 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220011
        • AND
          • comment libf2c is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039018
          • comment libf2c is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220035
        • AND
          • comment libgcc is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039026
          • comment libgcc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220017
        • AND
          • comment libgcj is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039022
          • comment libgcj is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220033
        • AND
          • comment libgcj-devel is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039012
          • comment libgcj-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220025
        • AND
          • comment libgnat is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039020
          • comment libgnat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220021
        • AND
          • comment libobjc is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039010
          • comment libobjc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220019
        • AND
          • comment libstdc++ is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039004
          • comment libstdc++ is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220013
        • AND
          • comment libstdc++-devel is earlier than 0:3.2.3-60
            oval oval:com.redhat.rhsa:tst:20100039014
          • comment libstdc++-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220009
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment gcc4 is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039037
          • comment gcc4 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039038
        • AND
          • comment gcc4-c++ is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039055
          • comment gcc4-c++ is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039056
        • AND
          • comment gcc4-gfortran is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039045
          • comment gcc4-gfortran is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039046
        • AND
          • comment gcc4-java is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039053
          • comment gcc4-java is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039054
        • AND
          • comment libgcj4 is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039049
          • comment libgcj4 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039050
        • AND
          • comment libgcj4-devel is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039039
          • comment libgcj4-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039040
        • AND
          • comment libgcj4-src is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039041
          • comment libgcj4-src is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039042
        • AND
          • comment libgfortran is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039051
          • comment libgfortran is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039052
        • AND
          • comment libgomp is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039043
          • comment libgomp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039044
        • AND
          • comment libmudflap is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039057
          • comment libmudflap is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039058
        • AND
          • comment libmudflap-devel is earlier than 0:4.1.2-44.EL4_8.1
            oval oval:com.redhat.rhsa:tst:20100039047
          • comment libmudflap-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20100039048
        • AND
          • comment cpp is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039067
          • comment cpp is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220023
        • AND
          • comment gcc is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039059
          • comment gcc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220003
        • AND
          • comment gcc-c++ is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039060
          • comment gcc-c++ is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220015
        • AND
          • comment gcc-c++-ppc32 is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039066
          • comment gcc-c++-ppc32 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220029
        • AND
          • comment gcc-g77 is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039062
          • comment gcc-g77 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220031
        • AND
          • comment gcc-gnat is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039074
          • comment gcc-gnat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220027
        • AND
          • comment gcc-java is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039068
          • comment gcc-java is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220005
        • AND
          • comment gcc-objc is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039071
          • comment gcc-objc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220007
        • AND
          • comment gcc-ppc32 is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039069
          • comment gcc-ppc32 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220011
        • AND
          • comment libf2c is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039065
          • comment libf2c is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220035
        • AND
          • comment libgcc is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039063
          • comment libgcc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220017
        • AND
          • comment libgcj is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039075
          • comment libgcj is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220033
        • AND
          • comment libgcj-devel is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039073
          • comment libgcj-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220025
        • AND
          • comment libgnat is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039070
          • comment libgnat is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220021
        • AND
          • comment libobjc is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039072
          • comment libobjc is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220019
        • AND
          • comment libstdc++ is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039064
          • comment libstdc++ is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220013
        • AND
          • comment libstdc++-devel is earlier than 0:3.4.6-11.el4_8.1
            oval oval:com.redhat.rhsa:tst:20100039061
          • comment libstdc++-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070220009
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment cpp is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039105
          • comment cpp is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039106
        • AND
          • comment gcc is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039077
          • comment gcc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039078
        • AND
          • comment gcc-c++ is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039081
          • comment gcc-c++ is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039082
        • AND
          • comment gcc-gfortran is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039079
          • comment gcc-gfortran is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039080
        • AND
          • comment gcc-gnat is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039113
          • comment gcc-gnat is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039114
        • AND
          • comment gcc-java is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039103
          • comment gcc-java is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039104
        • AND
          • comment gcc-objc is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039093
          • comment gcc-objc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039094
        • AND
          • comment gcc-objc++ is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039109
          • comment gcc-objc++ is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039110
        • AND
          • comment libgcc is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039097
          • comment libgcc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039098
        • AND
          • comment libgcj is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039099
          • comment libgcj is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039100
        • AND
          • comment libgcj-devel is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039101
          • comment libgcj-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039102
        • AND
          • comment libgcj-src is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039085
          • comment libgcj-src is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039086
        • AND
          • comment libgfortran is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039107
          • comment libgfortran is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039108
        • AND
          • comment libgnat is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039111
          • comment libgnat is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039112
        • AND
          • comment libmudflap is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039083
          • comment libmudflap is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039084
        • AND
          • comment libmudflap-devel is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039087
          • comment libmudflap-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039088
        • AND
          • comment libobjc is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039095
          • comment libobjc is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039096
        • AND
          • comment libstdc++ is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039091
          • comment libstdc++ is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039092
        • AND
          • comment libstdc++-devel is earlier than 0:4.1.2-46.el5_4.2
            oval oval:com.redhat.rhsa:tst:20100039089
          • comment libstdc++-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20100039090
    rhsa
    id RHSA-2010:0039
    released 2010-01-13
    severity Moderate
    title RHSA-2010:0039: gcc and gcc4 security update (Moderate)
  • rhsa
    id RHSA-2010:0095
rpms
  • libtool-0:1.4.3-7
  • libtool-libs-0:1.4.3-7
  • libtool-0:1.5.6-5.el4_8
  • libtool-libs-0:1.5.6-5.el4_8
  • libtool-0:1.5.22-7.el5_4
  • libtool-ltdl-0:1.5.22-7.el5_4
  • libtool-ltdl-devel-0:1.5.22-7.el5_4
  • cpp-0:3.2.3-60
  • gcc-0:3.2.3-60
  • gcc-c++-0:3.2.3-60
  • gcc-c++-ppc32-0:3.2.3-60
  • gcc-g77-0:3.2.3-60
  • gcc-gnat-0:3.2.3-60
  • gcc-java-0:3.2.3-60
  • gcc-objc-0:3.2.3-60
  • gcc-ppc32-0:3.2.3-60
  • libf2c-0:3.2.3-60
  • libgcc-0:3.2.3-60
  • libgcj-0:3.2.3-60
  • libgcj-devel-0:3.2.3-60
  • libgnat-0:3.2.3-60
  • libobjc-0:3.2.3-60
  • libstdc++-0:3.2.3-60
  • libstdc++-devel-0:3.2.3-60
  • gcc4-0:4.1.2-44.EL4_8.1
  • gcc4-c++-0:4.1.2-44.EL4_8.1
  • gcc4-gfortran-0:4.1.2-44.EL4_8.1
  • gcc4-java-0:4.1.2-44.EL4_8.1
  • libgcj4-0:4.1.2-44.EL4_8.1
  • libgcj4-devel-0:4.1.2-44.EL4_8.1
  • libgcj4-src-0:4.1.2-44.EL4_8.1
  • libgfortran-0:4.1.2-44.EL4_8.1
  • libgomp-0:4.1.2-44.EL4_8.1
  • libmudflap-0:4.1.2-44.EL4_8.1
  • libmudflap-devel-0:4.1.2-44.EL4_8.1
  • cpp-0:3.4.6-11.el4_8.1
  • gcc-0:3.4.6-11.el4_8.1
  • gcc-c++-0:3.4.6-11.el4_8.1
  • gcc-c++-ppc32-0:3.4.6-11.el4_8.1
  • gcc-g77-0:3.4.6-11.el4_8.1
  • gcc-gnat-0:3.4.6-11.el4_8.1
  • gcc-java-0:3.4.6-11.el4_8.1
  • gcc-objc-0:3.4.6-11.el4_8.1
  • gcc-ppc32-0:3.4.6-11.el4_8.1
  • libf2c-0:3.4.6-11.el4_8.1
  • libgcc-0:3.4.6-11.el4_8.1
  • libgcj-0:3.4.6-11.el4_8.1
  • libgcj-devel-0:3.4.6-11.el4_8.1
  • libgnat-0:3.4.6-11.el4_8.1
  • libobjc-0:3.4.6-11.el4_8.1
  • libstdc++-0:3.4.6-11.el4_8.1
  • libstdc++-devel-0:3.4.6-11.el4_8.1
  • cpp-0:4.1.2-46.el5_4.2
  • gcc-0:4.1.2-46.el5_4.2
  • gcc-c++-0:4.1.2-46.el5_4.2
  • gcc-gfortran-0:4.1.2-46.el5_4.2
  • gcc-gnat-0:4.1.2-46.el5_4.2
  • gcc-java-0:4.1.2-46.el5_4.2
  • gcc-objc-0:4.1.2-46.el5_4.2
  • gcc-objc++-0:4.1.2-46.el5_4.2
  • libgcc-0:4.1.2-46.el5_4.2
  • libgcj-0:4.1.2-46.el5_4.2
  • libgcj-devel-0:4.1.2-46.el5_4.2
  • libgcj-src-0:4.1.2-46.el5_4.2
  • libgfortran-0:4.1.2-46.el5_4.2
  • libgnat-0:4.1.2-46.el5_4.2
  • libmudflap-0:4.1.2-46.el5_4.2
  • libmudflap-devel-0:4.1.2-46.el5_4.2
  • libobjc-0:4.1.2-46.el5_4.2
  • libstdc++-0:4.1.2-46.el5_4.2
  • libstdc++-devel-0:4.1.2-46.el5_4.2
refmap via4
bid 37128
confirm
fedora
  • FEDORA-2009-12813
  • FEDORA-2010-1872
  • FEDORA-2010-1924
  • FEDORA-2011-1958
  • FEDORA-2011-1967
  • FEDORA-2011-1990
gentoo GLSA-201311-10
mandriva
  • MDVSA-2009:307
  • MDVSA-2010:035
  • MDVSA-2010:091
  • MDVSA-2010:105
mlist
  • [libtool] 20091116 Backport of libltdl changes to branch-1-5
  • [libtool] 20091116 GNU Libtool 2.2.6b released
secunia
  • 37414
  • 37489
  • 37997
  • 38190
  • 38577
  • 38617
  • 38696
  • 38915
  • 39299
  • 39347
  • 43617
  • 55721
suse SUSE-SR:2010:006
vupen ADV-2011-0574
Last major update 07-12-2016 - 22:01
Published 29-11-2009 - 08:07
Last modified 18-09-2017 - 21:29
Back to Top