Ben Hawkes and Tavis Ormandy discovered that the dynamic loader in GNU libc allows local users to gain root privileges using a crafted LD_AUDIT environment variable. For the stable distribution , this problem has been fixed in version 2.7-18lenny6. For the upcoming stable distribution , this problem has been fixed in version 2.11.2-6+squeeze1 of the eglibc package. For the unstable distribution , this problem will be fixed soon. We recommend that you upgrade your glibc packages.