=====================================================================
                                   CERT-Renater

                        Note d'Information No. 2009/VULN559
_____________________________________________________________________

DATE                      : 30/12/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running GNU Libtool.

======================================================================
http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html
______________________________________________________________________

We are pleased to announce the release of GNU Libtool 2.2.6b.


GNU Libtool hides the complexity of using shared libraries behind a
consistent, portable interface. GNU Libtool ships with GNU libltdl,
which hides the complexity of loading dynamic runtime libraries
(modules) behind a consistent, portable interface.


This release is a bug fix release for version 2.2.6. The following
bugs are fixed:


  - Fixed libltdl to no longer attempt to dlopen() the old_library
    listed in the .la file. Now will use only the preopen loader to
    attempt to load it. This may be a security issue, all users are
    advised to upgrade.
  - Similarly, don't open module.la from the current directory, this
    changes the behavior of libltdl to match the documentation.


libtool-2.2.6b is available now from ftp.gnu.org, along with diffs
against libtool-2.2.6a.  Please use a mirror to reduce stress on the
main gnu machine:


  http://www.gnu.org/order/ftp.html


Here are the compressed sources:


  ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6b.tar.gz
  ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6b.tar.lzma


Here are the diffs against libtool-2.2.6a:


  ftp://ftp.gnu.org/gnu/libtool/libtool-2.2.6a-2.2.6b.diff.gz


The MD5 and SHA1 checksums are:
 libtool-2.2.6b.tar.gz         07da460450490148c6d2df0f21481a25
 libtool-2.2.6b.tar.lzma       a4b36980765003b47dd75ac9429f4f11
 libtool-2.2.6a-2.2.6b.diff.gz a485788eb8fac09f7bb19b9f471ecf16


 libtool-2.2.6b.tar.gz         5afa73c8ef9ebe64bbb438a0f8779c9036e43c55
 libtool-2.2.6b.tar.lzma       18baaac89eed8be7bd2af2d2181598e176029cc6
 libtool-2.2.6a-2.2.6b.diff.gz 161b4f775d2e17890a25fd791c2deb3a69dcf293


This release was bootstrapped with automake-1.11 and autoconf-2.64.


You can fetch the unbootstrapped source code with git by using the
following commands:


  $ git clone git://git.savannah.gnu.org/libtool.git
  $ cd libtool
  $ git checkout v2.2.6b


Please report bugs to <address@hidden>, along with the verbose
output of any failed test groups, and the output from `./libtool
--config.' The README file explains how to capture the verbose test
output.


======================================================================

          =========================================================
          Les serveurs de référence du CERT-Renater
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================