Incoming details.
From $URL:

========================================================================
Summary
========================================================================

We have discovered a memory leak and a buffer overflow in the dynamic
loader (ld.so) of the GNU C Library (glibc):

- the memory leak (CVE-2017-1000408) first appeared in glibc 2.1.1
  (released on May 24, 1999) and can be reached and amplified through
  the LD_HWCAP_MASK environment variable;

- the buffer overflow (CVE-2017-1000409) first appeared in glibc 2.5
  (released on September 29, 2006) and can be triggered through the
  LD_LIBRARY_PATH environment variable.

Further investigation showed that:

- the buffer overflow is not exploitable if
  /proc/sys/fs/protected_hardlinks is enabled (it is not enabled by
  default on vanilla Linux kernels, but most Linux distributions turn
  it on by default);

- the memory leak and the buffer overflow are not exploitable if the
  glibc is patched against CVE-2017-1000366, because this patch ignores
  the LD_HWCAP_MASK and LD_LIBRARY_PATH environment variables when SUID
  binaries are executed (CVE-2017-1000366 was first patched in glibc
  2.26, released on August 2, 2017, but most Linux distributions had
  already backported this patch on June 19, 2017).

We have therefore rated the impact of these vulnerabilities as Low.
Nevertheless, we give a brief analysis of the vulnerable function, and
present a simple method for exploiting a SUID binary on the command line
and obtaining full root privileges (if /proc/sys/fs/protected_hardlinks
is not enabled, and CVE-2017-1000366 is not patched).

[...]
Gentoo is not affected because >=sys-libs/glibc-2.23-r4 carries patch for CVE-2017-1000366. Repository is clean. All done.