Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Debian: DSA-5514-1 Critical: Glibc Buffer Overflow Privilege Escalation

debian
Calendar Grey October 3, 2023
Debian Logo
The Ubuntu Security Notice USN-4514-1 discusses the OpenSSL vulnerability, helping mitigate potential unauthorized access.
The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable
Topics%20covered

Topics Covered

security advisory buffer overflow debian privilege escalation glibc critical severity

Summary

Details can be found in the Qualys advisory at
https://https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.31-13+deb11u7.

For the stable distribution (bookworm), this problem has been fixed in
version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and
CVE-2023-4806 originally planned for the upcoming bookworm point
release.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/source-package/glibc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/



Severity
critical
Lowest
Low
Medium
High
Critical

Package: glibc
CVE ID: CVE-2023-4911

Topics%20covered

Topics Covered

security advisory buffer overflow debian privilege escalation glibc critical severity

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here