Ubuntu Security Notice 3536-1 - It was discovered that the GNU C library did not properly handle all of the possible return values from the kernel getcwd syscall. A local attacker could potentially exploit this to execute arbitrary code in setuid programs and gain administrative privileges.
b8e54aa839f1953cae81c827296bd6d411bf14b4a0889c2311ae75dee2b376e7