
Mageia 8 and 9: Details on Glibc Buffer Overflow Advisory MGASA-2023-0286

mageia
October 11, 2023

Summary

The updated packages fix a security vulnerability:
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. (CVE-2023-4911)

References

- https://bugs.mageia.org/show_bug.cgi?id=32357

- https://www.cve.org/CVERecord?id=CVE-2023-4911

- https://www.openwall.com/lists/oss-security/2023/10/03/2


Resolution

SRPMS

- 9/core/glibc-2.36-51.mga9

- 8/core/glibc-2.32-32.mga8
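
As an added example (not part of the Mageia advisory), the following Python compares an installed glibc build against the fixed builds listed above, using RPM's segment-by-segment version ordering. The host inventory is constructed sample data, and the code assumes the package has no epoch and that tilde/caret ordering is not needed for these strings.

```python
import re

# Fixed builds copied from the advisory's SRPMS list:
# Mageia release -> (glibc version, package release)
FIXED = {"9": ("2.36", "51.mga9"), "8": ("2.32", "32.mga8")}

_SEG = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version or release strings the way RPM does.

    Strings are split into runs of digits or letters; separators are ignored.
    Returns -1, 0 or 1. Tilde and caret rules are not handled (assumption).
    """
    sa, sb = _SEG.findall(a), _SEG.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment is newer than alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # numeric compare, leading zeros ignored
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def status(mga_release: str, installed: str) -> str:
    """installed is VERSION-RELEASE, e.g. from
    rpm -q --qf '%{VERSION}-%{RELEASE}\\n' glibc"""
    if mga_release not in FIXED:
        return "unknown"
    ver, _, rel = installed.partition("-")
    fixed_ver, fixed_rel = FIXED[mga_release]
    cmp = rpmvercmp(ver, fixed_ver) or rpmvercmp(rel, fixed_rel)
    return "patched" if cmp >= 0 else "vulnerable"


# Constructed sample inventory: (host, Mageia release, installed glibc build)
INVENTORY = [
    ("web01", "9", "2.36-51.mga9"),
    ("web02", "9", "2.36-49.mga9"),
    ("db01", "8", "2.32-30.mga8"),
    ("build01", "8", "2.32-32.1.mga8"),
]


def audit(inventory):
    return {host: status(rel, glibc) for host, rel, glibc in inventory}


if __name__ == "__main__":
    for host, result in audit(INVENTORY).items():
        print(f"{host}: {result}")
```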

Severity
critical

Publication date: 11 Oct 2023
URL: https://advisories.mageia.org/MGASA-2023-0286.html
Type: security
CVE: CVE-2023-4911
