COMMAND

    resolv+ lib

SYSTEMS AFFECTED

    Linux

PROBLEM

    Alan Cox has found some bugs in resolv+.  The bugs have been about
    for years  and concern  the passing  of enviromental  variables to
    resolv+ code (which is normally  called by ping, rlogin, rsh,  ssh
    etc). Since it looks like the  cat is about to leap from  the bag,
    Julian Assange  had better  explain. Resolv+  is a  library, often
    incorporated with libc, but sometimes stand alone (e.g  -lresolv).
    It contains gethostbyname()/gethostbyaddr()  as well as  other dns
    functions.  As an example of wonders of resolv+:

        $ export RESOLV_HOST_CONF=/etc/shadow
        $ rlogin thepopeneverlikedbadgersanywaymate

    Linux is prone to this.
SOLUTION

    This affects only older versions of resolv+ so you should  upgrade
    your software.