Source: glibc
Version: 2.29-3
Severity: important
Tags: security upstream
Control: found -1 2.28-10
Control: found -1 2.24-11+deb9u1
Control: found -1 2.24-11+deb9u4
Control: found -1 2.24-11


The following vulnerability was published for glibc, filling this bug
mainly for tracking purpose, it was reported upstream at [1].

| On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31
| fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable
| during program execution after a security transition, allowing local
| attackers to restrict the possible mapping addresses for loaded
| libraries and thus bypass ASLR for a setuid program.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:



Reply via email to