Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidential information.
*** Bug 146404 has been marked as a duplicate of this bug. ***
[Bulk move of FC2 bugs to Fedora Legacy. See <http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]
I get the impression this bug is not considered worth fixing. Reopened bug 146404 so RH security team can decide on what to do for RHEL 3.
See #152848 for RHL73/RHL9/FC1.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-256.html
This hasn't been fixed for FC2 by Fedora Legacy.
The errata mistakenly references this bug, when it should be referencing bug 146404.
Because this is a Fedora Legacy issue, reopening.
Continuing tracking this at #152848, so closing here.
*** This bug has been marked as a duplicate of 152848 ***