Document CVE-2025-4802.

This commit adds advisory data for the above CVE(s).

advisories/GLIBC-SA-2025-0002

@@ -0,0 +1,18 @@
+elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
+
+A statically linked setuid binary that calls dlopen (including internal
+dlopen calls after setlocale or calls to NSS functions such as getaddrinfo)
+may incorrectly search LD_LIBRARY_PATH to determine which library to load,
+leading to the execution of library code that is attacker controlled.
+
+The only viable vector for exploitation of this bug is local, if a static
+setuid program exists, and that program calls dlopen, then it may search
+LD_LIBRARY_PATH to locate the SONAME to load. No such program has been
+discovered at the time of publishing this advisory, but the presence of
+custom setuid programs, although strongly discouraged as a security
+practice, cannot be discounted.
+
+CVE-id: CVE-2025-4802
+Public-Date: 2025-05-16
+Vulnerable-Commit: 10e93d968716ab82931d593bada121c17c0a4b93 (2.27)
+Fix-Commit: 5451fa962cd0a90a0e2ec1d8910a559ace02bba0 (2.39)