Bug 146402 - CAN-2004-1453 Information leak with LD_DEBUG
Summary: CAN-2004-1453 Information leak with LD_DEBUG
Status: CLOSED DUPLICATE of bug 152848
Alias: None
Product: Fedora Legacy
Classification: Retired
Component: glibc   
(Show other bugs)
Version: fc2
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Fedora Legacy Bugs
QA Contact:
URL: http://www.gentoo.org/security/en/gls...
Whiteboard: 2, discuss
Keywords: Security
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-01-27 21:48 UTC by Leonard den Ottolander
Modified: 2016-11-24 14:52 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-07-20 16:10:02 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)


External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2005:256 high SHIPPED_LIVE Low: glibc security update 2005-05-18 04:00:00 UTC

Description Leonard den Ottolander 2005-01-27 21:48:00 UTC
Silvio Cesare discovered a potential information leak in glibc. It
allows LD_DEBUG on SUID binaries where it should not be allowed. This
has various security implications, which may be used to gain
confidentional information.

Comment 1 Jakub Jelinek 2005-01-27 22:05:05 UTC
*** Bug 146404 has been marked as a duplicate of this bug. ***

Comment 4 Matthew Miller 2005-04-11 22:20:44 UTC
[Bulk move of FC2 bugs to Fedora Legacy. See
<http://www.redhat.com/archives/fedora-announce-list/2005-April/msg00020.html>.]

Comment 5 Leonard den Ottolander 2005-04-12 22:44:50 UTC
I get the impression this bug is not considered worth fixing. Reopened bug
146404 so RH security team can decide on what to do for RHEL 3.


Comment 6 Pekka Savola 2005-05-16 10:29:22 UTC
See #152848 for RHL73/RHL9/FC1.

Comment 7 Tim Powers 2005-05-18 14:00:02 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html


Comment 8 Dominic Hargreaves 2005-05-18 14:24:52 UTC
This hasn't been fixed for FC2 by Fedora Legacy.

Comment 9 Dennis Gregorovic 2005-05-20 03:25:55 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2005-256.html


Comment 10 Josh Bressers 2005-06-16 22:43:43 UTC
The errata mistakenly references this bug, when it should be referencing bug 146404.

Comment 11 Pekka Savola 2005-06-17 04:39:05 UTC
Because this is a Fedora Legacy issue, reopening.

Comment 12 Pekka Savola 2005-07-20 16:10:02 UTC
Continuing tracking this at #152848, so closing here.

*** This bug has been marked as a duplicate of 152848 ***


Note You need to log in before you can comment on or make changes to this bug.