GNU Libc current is affected by: Mitigation bypass. The impact is: Attacker may guess the heap addresses of pthread_created thread. The component is: glibc. Reference: https://sourceware.org/bugzilla/show_bug.cgi?id=22853
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1737446]
The information disclosure mentioned by CVE-2019-1010025 is not considered a vulnerability and its fix should be considered a hardening instead. Although it's possible to eventually leak the thread heap's address by passing the ASLR mechanism, this bug is not exploitable by itself. An attack can not use this directly to perform any unexpected action, although this can be used to exploit any other unrelated software which consumes glibc's pthread API.
Statement: This is does not affect the package glibc as shipped with Red Hat Enterprise Linux 5, 6,7 and 8. The bug related to this CVE is not exploitable.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-1010025