The updated packages fix a security vulnerability:
A buffer overflow was discovered in the GNU C Library's dynamic loader
ld.so while processing the GLIBC_TUNABLES environment variable. This
issue could allow a local attacker to use maliciously crafted
GLIBC_TUNABLES environment variables when launching binaries with SUID
permission to execute code with elevated privileges. (CVE-2023-4911)
- https://bugs.mageia.org/show_bug.cgi?id=32357
- https://www.cve.org/CVERecord?id=CVE-2023-4911
- https://www.openwall.com/lists/oss-security/2023/10/03/2
- 9/core/glibc-2.36-51.mga9
- 8/core/glibc-2.32-32.mga8
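
To confirm that a host carries one of the fixed builds listed above, the following added example (not part of the original advisory) compares the installed glibc package against them. The function names are hypothetical, and the ordering uses GNU `sort -V` on the version-release with the `.mgaN` dist tag stripped, as an approximation of rpm's own version comparison.

```shell
#!/bin/sh
# Added example: fixed builds come from the advisory; function names are hypothetical.

# Fixed glibc version-release for a Mageia release number (values from the advisory).
fixed_glibc_for() {
    case "$1" in
        9) echo "2.36-51.mga9" ;;
        8) echo "2.32-32.mga8" ;;
        *) return 1 ;;
    esac
}

# Drop the ".mgaN" dist tag so a subrelease such as 51.1.mga9 compares as 51.1
# (with the tag left in place, sort -V would rank 51.1.mga9 below 51.mga9).
strip_dist() {
    printf '%s\n' "${1%.mga[0-9]*}"
}

# is_patched INSTALLED FIXED: succeeds when INSTALLED is at or above FIXED.
# Assumption: GNU sort -V ordering stands in for rpm's version comparison.
is_patched() {
    _inst=$(strip_dist "$1")
    _fix=$(strip_dist "$2")
    [ "$_inst" = "$_fix" ] && return 0
    _lowest=$(printf '%s\n%s\n' "$_inst" "$_fix" | sort -V | head -n 1)
    [ "$_lowest" = "$_fix" ]
}

# check_glibc RELEASE [INSTALLED]: INSTALLED defaults to what the rpm database reports.
# Returns 0 if patched, 1 if below the fixed build, 2 if the check cannot be made.
check_glibc() {
    fixed=$(fixed_glibc_for "$1") || { echo "unknown release: $1"; return 2; }
    installed=${2:-$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc 2>/dev/null | head -n 1)}
    [ -n "$installed" ] || { echo "glibc not found in rpm database"; return 2; }
    if is_patched "$installed" "$fixed"; then
        echo "OK: glibc $installed is at or above $fixed"
    else
        echo "NOT PATCHED for CVE-2023-4911: glibc $installed is below $fixed"
        return 1
    fi
}
```

On a Mageia 9 host, `check_glibc 9` reads the installed version from rpm; passing a second argument checks a version string collected elsewhere, such as from an inventory export.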