Description
It was discovered that the glibc addmntent() function did not sanitize its
input properly. A local attacker could possibly use this flaw to inject
malformed lines into /etc/mtab via certain setuid mount helpers, if the
attacker were allowed to mount to an arbitrary directory under their
control. (CVE-2010-0296)
It was discovered that the glibc fnmatch() function did not properly
restrict the use of alloca(). If the function was called on sufficiently
large inputs, it could cause an application using fnmatch() to crash or,
possibly, execute arbitrary code with the privileges of the application.
(CVE-2011-1071)
It was discovered that the locale command did not produce properly escaped
output as required by the POSIX specification. If an attacker were able to
set the locale environment variables in the environment of a script that
performed shell evaluation on the output of the locale command, and that
script were run with different privileges than the attacker's, it could
execute arbitrary code with the privileges of the script. (CVE-2011-1095)