A flaw was found in glibc. GNU Libc have special caches to keep stacks and heaps of finished threads. This behavior may break ASRL by leaking addresses of ended thread stack or heap.
Statement: This flaw can be used to leak addresses of data objects allocated on the stack or the heap. Since ASLR (Address Space Layout Randomization) is a post exploitation mitigation measure, Red Hat Product Security does not consider this as a security flaw, but rather a security hardening.
Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=22852
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1546605] Created glibc-arm-linux-gnu tracking bugs for this issue: Affects: fedora-all [bug 1546604]
Reference: http://www.openwall.com/lists/oss-security/2018/02/27/5