CLSA-2025-1757700003 glibc: Fix of CVE-2025-4802

CVE-2025-4802: prevent untrusted LDLIBRARYPATH from loading dynamically shared libraries in statically compiled binaries that call dlopen...

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

...

glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH

A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LDLIBRARYPATH to determine which library to load, allowing a local attacker to load...

Security update for glibc

This update for glibc fixes the following issues: CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LDLIBRARYPATH bsc1243317. Patch Instructions: To install this SUSE update use the SUSE recommended...

SUSE-SU-2025:01702-1 Security update for glibc

This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LDLIBRARYPATH bsc1243317...