Incorrect handling of RPATH (or RUNPATH) in elf/dl-load.c could be used to run executables with libraries loaded from the current directory. Executables with AT_SECURE or SETUID that contain '$ORIGIN' in RPATH/RUNPATH could be used to run arbitrary code and lead to escalation of privileges.
This vulnerability was introduced in glibc version 2.19.
Created glibc tracking bugs for this issue:
Affects: fedora-all [bug 1526866]
Fedora version of glibc carries the following patch and therefore is not-vulnerable:
From 207e77fd3f0a94acdf0557608dd4f10ce0e0f22f Mon Sep 17 00:00:00 2001
From: Andreas Schwab <email@example.com>
Date: Mon, 9 May 2011 10:55:58 +0200
Subject: [PATCH] Never leave $ORIGIN unexpanded
This issue is addressed by the following upstream commit:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:3092 https://access.redhat.com/errata/RHSA-2018:3092