Problem Description:
The ELF image activator cleared per-process ASLR preference
flags for setuid binaries after the code that computes the PIE base
address, rather than before. As a result, a user-requested ASLR
disable was still in effect at the point where the base address was
chosen.
Impact:
An unprivileged local user can disable ASLR for a setuid PIE
binary by calling procctl(2) before execve(2). This makes exploitation
of any separate memory corruption vulnerability in that binary
significantly easier.