A weakness was found in the dynamic loader in glibc prior to 2.22.90. LD_POINTER_GUARD in the enivronment was not sanitized, allowing local attackers to bypass the pointer guarding protection on set-user-ID and set-group-ID executables. This is a different security flaw then CVE-2013-4788, and only executables which dynamically link against glibc are affected. This issue has been fixed upstream via the following commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;a=commit;h=a014cecd82b71b70a6a843e250e06b541ad524f7 External References: http://hmarco.org/bugs/glibc_ptr_mangle_weakness.html
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1299755]
CVE request: http://www.openwall.com/lists/oss-security/2015/09/05/8 No CVE has been assigned by MITRE yet.
This bug appears to be a duplicate of bug 1260581.