Bug 146402

Summary: CAN-2004-1453 Information leak with LD_DEBUG
Product: [Retired] Fedora Legacy
Reporter: Leonard den Ottolander <leonard-rh-bugzilla>
Component: glibc
Assignee: Fedora Legacy Bugs <bugs>
Status: CLOSED DUPLICATE
Severity: medium
Priority: medium
Version: fc2
CC: bressers, fweimer, mattdm, pekkas
Target Milestone: ---
Keywords: Security
Target Release: ---
Hardware: All
OS: Linux
URL: http://www.gentoo.org/security/en/glsa/glsa-200408-16.xml
Whiteboard: 2, discuss
Doc Type: Bug Fix
Last Closed: 2005-07-20 16:10:02 UTC

Description Leonard den Ottolander 2005-01-27 21:48:00 UTC
Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
confidential information.

Comment 1 Jakub Jelinek 2005-01-27 22:05:05 UTC
*** Bug 146404 has been marked as a duplicate of this bug. ***

Comment 4 Matthew Miller 2005-04-11 22:20:44 UTC
[Bulk move of FC2 bugs to Fedora Legacy. See
<http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]

Comment 5 Leonard den Ottolander 2005-04-12 22:44:50 UTC
I get the impression this bug is not considered worth fixing. Reopened bug
146404 so RH security team can decide on what to do for RHEL 3.


Comment 6 Pekka Savola 2005-05-16 10:29:22 UTC
See #152848 for RHL73/RHL9/FC1.

Comment 7 Tim Powers 2005-05-18 14:00:02 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html


Comment 8 Dominic Hargreaves 2005-05-18 14:24:52 UTC
This hasn't been fixed for FC2 by Fedora Legacy.

Comment 9 Dennis Gregorovic 2005-05-20 03:25:55 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html


Comment 10 Josh Bressers 2005-06-16 22:43:43 UTC
The errata mistakenly references this bug, when it should be referencing bug 146404.

Comment 11 Pekka Savola 2005-06-17 04:39:05 UTC
Because this is a Fedora Legacy issue, reopening.

Comment 12 Pekka Savola 2005-07-20 16:10:02 UTC
Continuing tracking this at #152848, so closing here.

*** This bug has been marked as a duplicate of 152848 ***