CVE-2017-16997(https://nvd.nist.gov/vuln/detail/CVE-2017-16997): elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the "./" directory. @maintainter(s): "NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution." proceed as necessary, call for stable when ready, thank you. Gentoo Security Padawan (Jmbailey/mbailey_j)
fixed in: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=3e3c904daef69b8bf7d5cc07f793c9f07c3553ef
Fixed upstream in 2.27 Fix added to the gentoo/2.26 branch, will be in patchlevel 6
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=fa2244fedca8e63902ba8d879dbf0f4d9548d754 commit fa2244fedca8e63902ba8d879dbf0f4d9548d754 Author: Andreas K. Hüttel <dilfridge@gentoo.org> AuthorDate: 2018-02-08 23:49:17 +0000 Commit: Andreas K. Hüttel <dilfridge@gentoo.org> CommitDate: 2018-02-08 23:49:40 +0000 sys-libs/glibc: Revbump 2.26-r6 with next patchset (patchlevel 6) 10 test failures need investigating: === FAIL: elf/tst-prelink-cmp XPASS: elf/tst-protected1a XPASS: elf/tst-protected1b FAIL: malloc/tst-malloc-tcache-leak FAIL: math/test-float128-finite-tgamma FAIL: math/test-float128-finite-trunc FAIL: math/test-float128-tgamma FAIL: math/test-float128-trunc FAIL: math/test-ifloat128-tgamma FAIL: math/test-ifloat128-trunc FAIL: misc/tst-ttyname UNSUPPORTED: nptl/test-cond-printers UNSUPPORTED: nptl/test-condattr-printers UNSUPPORTED: nptl/test-mutex-printers UNSUPPORTED: nptl/test-mutexattr-printers UNSUPPORTED: nptl/test-rwlock-printers UNSUPPORTED: nptl/test-rwlockattr-printers FAIL: nss/tst-nss-files-hosts-multi Summary of test results: 10 FAIL 4113 PASS 6 UNSUPPORTED 29 XFAIL 2 XPASS === Bug: https://bugs.gentoo.org/646492 Bug: https://bugs.gentoo.org/646490 Bug: https://bugs.gentoo.org/641644 Bug: https://bugs.gentoo.org/644278 Package-Manager: Portage-2.3.21, Repoman-2.3.6 sys-libs/glibc/Manifest | 1 + sys-libs/glibc/glibc-2.26-r6.ebuild | 836 ++++++++++++++++++++++++++++++++++++ 2 files changed, 837 insertions(+)}
Fix added to the gentoo/2.25 branch, will be in patchlevel 14
This issue was resolved and addressed in GLSA 201804-02 at https://security.gentoo.org/glsa/201804-02 by GLSA coordinator Aaron Bauman (b-man).
