Attention Linux users, 

CISA recently added the notorious Looney Tunables glibc bug to its Known Exploited Vulnerabilities (KEV) catalog after researchers spotted experimental incursions into cloud environments by Kinsing threat actors. CISA has also ordered federal agencies to fix this vulnerability by December 12, 2023, highlighting the severity of this threat.

This vulnerability is found in the GNU C Library (glibc), an integral part of most Linux systems that provides basic system functions like file I/O, network, and memory access.

Threat actors are actively exploiting this flaw in Linux cloud environments using a complex mechanism involving the Kinsing malware, a Python-based exploit, and an additional PHP exploit. These exploits could potentially result in data breaches and system compromise since Looney Tunables allows a local user to gain full root privileges on impacted systems - so don’t delay patching!

Read on to learn about other severe and impactful vulnerabilities recently discovered and fixed in your open-source programs and applications.

Give your friends the gift of security this holiday season! If you found today’s newsletter helpful, please share it with a friend. Do you have a Linux security-related topic you'd like to cover for our audience? We welcome contributions from passionate and insightful community members who share our enthusiasm for Linux security!

Stay safe out there,

Brittany

GNU C Library

The Discovery 

If you haven’t already updated to mitigate the notorious Looney Tunables privilege escalation vulnerability recently discovered in the GNU C Library, it is crucial to do so immediately! CISA has added Looney Tunables to its Known Exploited Vulnerabilities (KEV) catalog after researchers identified experimental incursions into cloud environments by Kinsing threat actors. This dangerous bug exists in the glibc dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). Threat actors are actively exploiting this flaw in Linux cloud environments using a complex mechanism involving the Kinsing malware, a Python-based exploit, and an additional PHP exploit.

The Impact

Exploitation of Looney Tunables can result in data breaches and system compromise since it allows a local user to gain full root privileges on impacted systems.

The Fix

A critical glibc security update has been released to fix this problematic bug. Given this vulnerability's severe repercussions on unpatched systems and CISA’s proof of active exploitation, we urge all affected users to update immediately to mitigate the risk of downtime and compromise.

Squid

The Discovery 

Have you updated to secure your systems against the recent critical vulnerabilities found in the popular Squid caching proxy? These include request/response smuggling in HTTP/1.1 and ICAP (CVE-2023-46846), denial of service in HTTP Digest Authentication (CVE-2023-46847), and denial of service in FTP (CVE-2023-46848). CVE-2023-46846 and CVE-2023-46847 have received a National Vulnerability Database base score of 9.8 out of 10 due to their potential to lead to security breaches or other forms of system instability or unavailability. Distros continue to release security advisory updates addressing these bugs, which are among the worst we’ve seen in a while. Don’t delay patching!

The Impact

These severe Squid flaws could result in the compromise and theft of your sensitive data and loss of access to your critical systems.

The Fix

Squid has released an essential security update that mitigates these vulnerabilities. Given the severe threat these bugs pose to impacted systems if left unpatched, we strongly recommend that all affected users patch now. Patching will protect against downtime, system compromise, and data theft.

Intel Microcode

The Discovery 

Have you updated to fix the severe privilege escalation vulnerability dubbed “Reptar” that was recently discovered in some Intel processors? Distros continue to release security advisory updates addressing this harmful bug, which involves a sequence of processor instructions that lead to unexpected behavior. This behavior could allow a local attacker to escalate privileges on impacted systems (CVE-2023-23583).

The Impact

This dangerous flaw could expose sensitive information or cause system crashes, resulting in a denial of service.

The Fix

An important Intel Microcode update has been released to mitigate this impactful vulnerability. Given the damaging repercussions this vulnerability can have on affected systems if left unpatched, we urge all impacted users to update as soon as possible to prevent information disclosure and loss of access to their critical systems.
