- ------------------------------------------------------------------------- Debian Security Advisory DSA-5514-1 security@debian.org https://www.debian.org/security/ Salvatore Bonaccorso October 03, 2023 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : glibc CVE ID : CVE-2023-4911 The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation. Details can be found in the Qualys advisory at https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u7. For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and CVE-2023-4806 originally planned for the upcoming bookworm point release. We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org
Debian: DSA-5514-1: glibc security update
October 3, 2023
The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable
Summary
Details can be found in the Qualys advisory at
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
For the oldstable distribution (bullseye), this problem has been fixed
in version 2.31-13+deb11u7.
For the stable distribution (bookworm), this problem has been fixed in
version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and
CVE-2023-4806 originally planned for the upcoming bookworm point
release.
We recommend that you upgrade your glibc packages.
For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glibc
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
Severity
The Qualys Research Labs discovered a buffer overflow in the dynamic
loader's processing of the GLIBC_TUNABLES environment variable. An
attacker can exploit this flaw for privilege escalation.
News
HOWTOs
About Us
Powered By
