Red Hat Bugzilla – Bug 146404
CAN-2004-1453 Information leak with LD_DEBUG
Last modified: 2007-11-30 17:07:06 EST
Silvio Cesare discovered a potential information leak in glibc. It allows LD_DEBUG on SUID binaries where it should not be allowed. This has various security implications, which may be used to gain confidentional information.
One bug is enough. *** This bug has been marked as a duplicate of 146402 ***
Hm. Somewhat weird you close this bug as a duplicate although they are for different releases/OSes, but you don't leave bug 146207 open for use against FC 2 and RHEL 3. Anyway, IIUC issue exists on FC 2 and RHEL 3. Please don't close bug 146402 as a duplicate of bug 146207 ;-) .
So tell me for next time: One bug for multiple releases/OSes or one for every affected release? In case of the former you shouldn't have closed bug 146207 in the first place. In case of the latter you shouldn't have closed this one as a dup.
Reopening bug as the "dup" has been moved over to Fedora Legacy. If this bug is not considered worth fixing please close WONTFIX.
An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2005-256.html The advisory mistakenly references bug 146202 when it should be referencing this bug.