[This bug is similar but NOT identical to bug #209930 (which was caused by a misconfiguration of the buildsystem)] Description of problem: Applications which are using libltdl are searching '.' for .la files. This can used by an attacker to execute arbitrary code. The 'victim.c' example from bug #209930 shows: | # strace victim | open("foo.la", O_RDONLY) = -1 ENOENT (No such file or directory) Version-Release number of selected component (if applicable): libtool-ltdl-1.5.22-6.1.i386.rpm
I've disabled this 'feature' in Rawhide