Name | CVE-2009-3736 |
Description | ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as used in Ham Radio Control Libraries, Q, and possibly other products, attempts to open a .la file in the current working directory, which allows local users to gain privileges via a Trojan horse file. |
Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
References | DSA-1958-1 |
Debian Bugs | 559797, 559800, 559801, 559803, 559806, 559808, 559809, 559811, 559813, 559814, 559815, 559816, 559818, 559819, 559821, 559822, 559823, 559824, 559825, 559826, 559827, 559828, 559829, 559831, 559832, 559833, 559834, 559835, 559836, 559837, 559840, 559843, 559844, 559845, 702436 |
The table below lists information on source packages.
Source Package | Release | Version | Status |
---|
bochs (PTS) | jessie | 2.6-2 | fixed |
| stretch | 2.6-5 | fixed |
| buster | 2.6.9+dfsg-3 | fixed |
| bullseye | 2.6.11+dfsg-4 | fixed |
| bookworm | 2.7+dfsg-4 | fixed |
| sid, trixie | 2.8+dfsg-2 | fixed |
clamav (PTS) | jessie, jessie (lts) | 0.103.12+dfsg-0+deb8u1 | fixed |
| stretch (security) | 0.103.6+dfsg-0+deb9u1 | fixed |
| stretch (lts), stretch | 0.103.12+dfsg-0+deb9u1 | fixed |
| buster, buster (lts) | 1.0.7+dfsg-1~deb10u1 | fixed |
| buster (security) | 0.103.9+dfsg-0+deb10u1 | fixed |
| bullseye | 0.103.10+dfsg-0+deb11u1 | fixed |
| bullseye (security) | 1.0.7+dfsg-1~deb11u2 | fixed |
| bookworm | 1.0.7+dfsg-1~deb12u1 | fixed |
| sid, trixie | 1.4.1+dfsg-1 | fixed |
collectd (PTS) | jessie, jessie (lts) | 5.4.1-6+deb8u1 | fixed |
| stretch | 5.7.1-1.1 | fixed |
| buster | 5.8.1-1.3 | fixed |
| bullseye | 5.12.0-7 | fixed |
| bookworm | 5.12.0-14 | fixed |
| sid, trixie | 5.12.0-22 | fixed |
ggobi (PTS) | jessie | 2.1.11-1 | fixed |
| buster, bullseye, stretch, bookworm | 2.1.11-2 | fixed |
| sid, trixie | 2.1.12-1 | fixed |
gnash (PTS) | stretch | 0.8.11~git20160608-1.3 | fixed |
gnu-smalltalk (PTS) | jessie | 3.2.4-2.1 | fixed |
| stretch | 3.2.5-1 | fixed |
| bullseye | 3.2.5-1.3 | fixed |
graphicsmagick (PTS) | jessie, jessie (lts) | 1.3.20-3+deb8u14 | fixed |
| stretch (security) | 1.3.30+hg15796-1~deb9u5 | fixed |
| stretch (lts), stretch | 1.3.30+hg15796-1~deb9u7 | fixed |
| buster (security), buster, buster (lts) | 1.4+really1.3.35-1~deb10u3 | fixed |
| bullseye (security), bullseye | 1.4+really1.3.36+hg16481-2+deb11u1 | fixed |
| bookworm | 1.4+really1.3.40-4 | fixed |
| sid, trixie | 1.4+really1.3.45-1 | fixed |
graphviz (PTS) | jessie, jessie (lts) | 2.38.0-7+deb8u1 | fixed |
| stretch (security), stretch (lts), stretch | 2.38.0-17+deb9u1 | fixed |
| buster (security), buster, buster (lts) | 2.40.1-6+deb10u1 | fixed |
| bullseye | 2.42.2-5+deb11u1 | fixed |
| bookworm | 2.42.2-7+deb12u1 | fixed |
| sid, trixie | 2.42.4-2 | fixed |
hamlib (PTS) | jessie | 1.2.15.3-2 | fixed |
| stretch | 3.0.1-1 | fixed |
| buster | 3.3-5 | fixed |
| bullseye | 4.0-7 | fixed |
| bookworm | 4.5.4-1 | fixed |
| sid, trixie | 4.5.5-4 | fixed |
heartbeat (PTS) | jessie | 1:3.0.5+hg12629-1.2 | fixed |
| stretch | 1:3.0.6-5 | fixed |
| buster | 1:3.0.6-9 | fixed |
| bullseye | 1:3.0.6-11+deb11u1 | fixed |
| bookworm | 1:3.0.6-13 | fixed |
| sid, trixie | 1:3.0.6-15 | fixed |
hercules (PTS) | jessie | 3.07-2.3 | fixed |
| stretch | 3.12-1 | fixed |
| buster | 3.13-1 | fixed |
| bullseye, bookworm | 3.13-7 | fixed |
| sid, trixie | 3.13-8 | fixed |
hypre (PTS) | jessie | 2.8.0b-2 | fixed |
| stretch | 2.11.1-3 | fixed |
| buster | 2.15.1-5 | fixed |
| bullseye | 2.18.2-1 | fixed |
| bookworm | 2.26.0-3 | fixed |
| trixie | 2.32.0-3 | fixed |
| sid | 2.32.0-4 | fixed |
imagemagick (PTS) | jessie, jessie (lts) | 8:6.8.9.9-5+deb8u27 | fixed |
| stretch (security) | 8:6.9.7.4+dfsg-11+deb9u14 | fixed |
| stretch (lts), stretch | 8:6.9.7.4+dfsg-11+deb9u20 | fixed |
| buster, buster (lts) | 8:6.9.10.23+dfsg-2.1+deb10u9 | fixed |
| buster (security) | 8:6.9.10.23+dfsg-2.1+deb10u7 | fixed |
| bullseye | 8:6.9.11.60+dfsg-1.3+deb11u4 | fixed |
| bullseye (security) | 8:6.9.11.60+dfsg-1.3+deb11u3 | fixed |
| bookworm | 8:6.9.11.60+dfsg-1.6+deb12u2 | fixed |
| bookworm (security) | 8:6.9.11.60+dfsg-1.6+deb12u1 | fixed |
| sid, trixie | 8:7.1.1.39+dfsg1-3 | fixed |
jags (PTS) | jessie | 3.4.0-1 | fixed |
| stretch | 4.2.0-2 | fixed |
| buster | 4.3.0-2 | fixed |
| bullseye | 4.3.0-3 | fixed |
| bookworm | 4.3.1-1 | fixed |
| sid, trixie | 4.3.2-1 | fixed |
lam (PTS) | jessie, stretch | 7.1.4-3.1 | fixed |
| buster | 7.1.4-6 | fixed |
| bullseye | 7.1.4-6.1 | fixed |
| bookworm | 7.1.4-7 | fixed |
| sid, trixie | 7.1.4-7.2 | fixed |
libextractor (PTS) | jessie, jessie (lts) | 1:1.3-2+deb8u5 | fixed |
| stretch (security), stretch (lts), stretch | 1:1.3-4+deb9u4 | fixed |
| buster | 1:1.8-2+deb10u1 | fixed |
| bullseye | 1:1.11-2 | fixed |
| bookworm | 1:1.11-7 | fixed |
| sid, trixie | 1:1.13-8 | fixed |
libmcrypt (PTS) | jessie, stretch | 2.5.8-3.3 | fixed |
| buster, bullseye | 2.5.8-3.4 | fixed |
| bookworm | 2.5.8-7 | fixed |
| sid, trixie | 2.5.8-8 | fixed |
libprelude (PTS) | jessie | 1.0.0-11.4 | fixed |
| stretch | 1.0.0-11.9 | fixed |
| buster | 4.1.0-4.2 | fixed |
| bullseye | 5.2.0-3+deb11u1 | fixed |
| bookworm | 5.2.0-5 | fixed |
| sid | 5.2.0-5.6 | fixed |
libtool (PTS) | jessie | 2.4.2-1.11 | fixed |
| stretch | 2.4.6-2 | fixed |
| buster | 2.4.6-9 | fixed |
| bullseye | 2.4.6-15 | fixed |
| bookworm | 2.4.7-7~deb12u1 | fixed |
| sid, trixie | 2.4.7-8 | fixed |
mp4h (PTS) | jessie | 1.3.1-9 | fixed |
| stretch | 1.3.1-16 | fixed |
| buster, bullseye, bookworm | 1.3.1-17 | fixed |
| sid, trixie | 1.3.1-17.1 | fixed |
openmpi (PTS) | jessie | 1.6.5-9.1+deb8u1 | fixed |
| stretch | 2.0.2-2 | fixed |
| buster | 3.1.3-11 | fixed |
| bullseye | 4.1.0-10 | fixed |
| bookworm | 4.1.4-3 | fixed |
| sid, trixie | 5.0.6-3 | fixed |
parser (PTS) | jessie | 3.4.3-4 | fixed |
| stretch | 3.4.4-1 | fixed |
| buster | 3.4.5-4 | fixed |
| bullseye | 3.4.6-2 | fixed |
| bookworm | 3.4.6-3 | fixed |
| sid, trixie | 3.4.6-5 | fixed |
parser-mysql (PTS) | jessie | 10.6-2 | fixed |
| stretch | 10.7-2 | fixed |
| buster | 10.7-4 | fixed |
| sid, trixie, bullseye, bookworm | 10.8-3 | fixed |
pdsh (PTS) | jessie, buster, bullseye, stretch | 2.31-3 | fixed |
| bookworm | 2.34-0.2 | fixed |
| sid, trixie | 2.34-3 | fixed |
pinball (PTS) | jessie | 0.3.1-13.2 | fixed |
| stretch | 0.3.1-13.6 | fixed |
| buster | 0.3.1-14.1 | fixed |
| bullseye, bookworm | 0.3.20201218-4 | fixed |
| sid, trixie | 0.3.20230219-2 | fixed |
proftpd-dfsg (PTS) | jessie, jessie (lts) | 1.3.5e+r1.3.5-2+deb8u8 | fixed |
| stretch (security) | 1.3.5e+r1.3.5b-4+deb9u2 | fixed |
| stretch (lts), stretch | 1.3.5e+r1.3.5b-4+deb9u3 | fixed |
| buster | 1.3.6-4+deb10u6 | fixed |
| buster (security), buster (lts) | 1.3.6-4+deb10u4 | fixed |
| bullseye | 1.3.7a+dfsg-12+deb11u2 | fixed |
| bullseye (security) | 1.3.7a+dfsg-12+deb11u3 | fixed |
| bookworm | 1.3.8+dfsg-4+deb12u3 | fixed |
| bookworm (security) | 1.3.8+dfsg-4+deb12u4 | fixed |
| sid, trixie | 1.3.8.c+dfsg-1 | fixed |
redland (PTS) | jessie | 1.0.17-1 | fixed |
| buster, bullseye, stretch | 1.0.17-1.1 | fixed |
| bookworm | 1.0.17-3 | fixed |
| sid, trixie | 1.0.17-4 | fixed |
sdcc (PTS) | jessie | 3.4.0+dfsg-2 | fixed |
| stretch | 3.5.0+dfsg-2 | fixed |
| buster | 3.8.0+dfsg-2 | fixed |
| bullseye | 4.0.0+dfsg-2 | fixed |
| bookworm | 4.2.0+dfsg-1 | fixed |
| sid, trixie | 4.4.0+dfsg-2 | fixed |
siproxd (PTS) | jessie | 1:0.8.1-4 | fixed |
| buster, stretch | 1:0.8.1-4.1 | fixed |
synfig (PTS) | jessie | 0.64.2-1 | fixed |
| stretch | 1.0.2-1 | fixed |
| buster | 1.2.2-1 | fixed |
| bullseye | 1.4.0+dfsg-2 | fixed |
| bookworm | 1.5.1+dfsg-3 | fixed |
| sid | 1.5.1+dfsg-4 | fixed |
xmlsec1 (PTS) | jessie | 1.2.20-2 | fixed |
| stretch (lts), stretch | 1.2.27-2~deb9u1 | fixed |
| buster | 1.2.27-2 | fixed |
| bullseye | 1.2.31-1 | fixed |
| bookworm | 1.2.37-2 | fixed |
| sid, trixie | 1.2.41-1 | fixed |
The information below is based on the following data on fixed versions.