DEBIAN-CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

AZL-61873 CVE-2025-4802 affecting package glibc 2.35-10

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

UBUNTU-CVE-2009-5147

DL::dlopen in Ruby 1.8, 1.9.0, 1.9.2, 1.9.3, 2.0.0 before patchlevel 648, and 2.1 before 2.1.8 opens libraries with tainted names...

Debian DLA-300-1 : ruby1.9.1 security update

'sheepman' fixed a vulnerability in Ruby 1.9.1: DL::dlopen could open a library with tainted name even if $SAFE 0. For Debian 6 'Squeeze', this issue has been fixed in ruby1.9.1 1.9.2.0-2+deb6u7 NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA...