Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found -7 articles for you...
91
security advisoryGentoocriticalGentoo GLSA-202310-03 Critical: glibc Local Privilege Escalation
Multiple vulnerabilities in glibc could result in Local Privilege Escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202310-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: glibc: Multiple vulnerabilities Date: October 04, 2023 Bugs: #867952, #914281, #915127 ID: 202310-03 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Background ========== glibc is a package that contains the GNU C library. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ sys-libs/glibc < 2.37-r7 > = 2.37-r7 Description =========== Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact ====== An attacker could elevate privileges from a local user to root. Workaround ========== There is no known workaround at this time. Resolution ========== All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =sys-libs/glibc-2.37-r7" References ========== [ 1 ] CVE-2022-39046 https://nvd.nist.gov/vuln/detail/CVE-2022-39046 [ 2 ] CVE-2023-4527 https://nvd.nist.gov/vuln/detail/CVE-2023-4527 [ 3 ] CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 [ 4 ] CVE-2023-4911 https://nvd.nist.gov/vuln/detail/CVE-2023-4911 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202310-03 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and securityof our users' machines is of utmost importance to us. Any security concerns should be addressed to
Oct 04, 2023
•Critical
Gentoo
89
security advisorymoderatefedoraFedora 32: 2021-6e581c051a Moderate: Glibc Buffer Overrun Correction
- x86: Check IFUNC definition in unrelocated executable [BZ #20019] - x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] - x86-64: Avoid rep movsb with short distance [BZ #27130] - Fix for CVE-2019-25013 buffer overrun in EUC-KR conversion module (bz #24973) - Add NEWS entry for CVE-2020-29562 (BZ #26923) - iconv: Fix incorrect UCS4 inner loop bounds. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2021-6e581c051a 2021-01-20 01:26:41.922155 --------------------------------------------------------------------------------Name : glibc Product : Fedora 32 Version : 2.31 Release : 5.fc32 URL : Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. --------------------------------------------------------------------------------Update Information: - x86: Check IFUNC definition in unrelocated executable [BZ #20019] -x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] - x86-64: Avoid rep movsb with short distance [BZ #27130] - Fix for CVE-2019-25013 buffer overrun in EUC-KR conversion module (bz #24973) - Add NEWS entry for CVE-2020-29562 (BZ #26923) - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923) - tests-mcheck: New variable to run tests with MALLOC_CHECK_=3 - iconv: Accept redundant shift sequences in IBM1364 [BZ #26224] - sh: Add sh4 fpu Implies folder - aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798] - x86: Optimizing memcpy for AMD Zen architecture. - Reversing calculationof __x86_shared_non_temporal_threshold - AArch64: Use __memcpy_simd on Neoverse N2/V1 - [AArch64] Improve integer memcpy -AArch64: Rename IS_ARES to IS_NEOVERSE_N1 - AArch64: Improve backwards memmove performance - AArch64: Add optimized Q-register memcpy -AArch64: Align ENTRY to a cacheline - intl: Handle translation output codesets with suffixes [BZ #26383] - Add NEWS entry for CVE-2016-10228 (bug 19519) - Rewrite iconv option parsing [BZ #19519] - powerpc: Fix incorrect cache line size load in memset (bug 26332) - nptl: Zero-extend arguments to SETXID syscalls [BZ #26248] - Disable warnings due to deprecated libselinux symbols used by nss and nscd - Add NEWS entry for CVE-2020-6096 (bug 25620) --------------------------------------------------------------------------------ChangeLog: * Wed Jan 13 2021 Patsy Griffin - 2.31-5 - Auto-sync with upstream branch release/2.31/master, commit af316e4627ea2069c0f690e926e04d92f802f054. - x86: Check IFUNC definition in unrelocated executable [BZ #20019] - x86: Set header.feature_1 in TCB for always-on CET [BZ #27177] - x86-64: Avoid rep movsb with short distance [BZ #27130] - Fix buffer overrun in EUC-KR conversion module (bz #24973) - Add NEWS entry for CVE-2020-29562 (BZ #26923) - iconv: Fix incorrect UCS4 inner loop bounds (BZ#26923) - tests-mcheck: New variable to run tests with MALLOC_CHECK_=3 - iconv: Accept redundant shift sequences in IBM1364 [BZ #26224] - sh: Add sh4 fpu Implies folder - aarch64: Fix DT_AARCH64_VARIANT_PCS handling [BZ #26798] - x86: Optimizing memcpy for AMD Zen architecture. - Reversing calculation of __x86_shared_non_temporal_threshold - AArch64: Use __memcpy_simd on Neoverse N2/V1 - [AArch64] Improve integer memcpy - AArch64: Rename IS_ARES to IS_NEOVERSE_N1 - AArch64: Improve backwards memmove performance - AArch64: Add optimized Q-register memcpy - AArch64: Align ENTRY to a cacheline - intl: Handle translation output codesets with suffixes [BZ#26383] - Add NEWS entry for CVE-2016-10228 (bug 19519) - Rewrite iconv option parsing [BZ #19519] - powerpc: Fix incorrect cache line size load in memset (bug 26332) - nptl: Zero-extend arguments to SETXID syscalls [BZ #26248] - Disable warnings due to deprecated libselinux symbols used by nss and nscd - Add NEWS entry for CVE-2020-6096 (bug 25620) --------------------------------------------------------------------------------References: [ 1 ] Bug #1913056 - CVE-2019-25013 glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1913056 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-6e581c051a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ --------------------------------------------------------------------------------_______________________________________________ package-announce mailing list --
Jan 19, 2021
•Important
Fedora
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!