A local root vulnerability in glibc
Qualys has posted an advisory for a vulnerability in the GNU C Library related to the handling of the GLIBC_TUNABLES environment variable:
We successfully exploited this vulnerability and obtained full root privileges on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, Debian 12 and 13; other distributions are probably also vulnerable and exploitable (one notable exception is Alpine Linux, which uses musl libc, not the glibc).
Updates from distributors are beginning to appear and should be applied on any system with untrusted local users; because the trigger is an environment variable, any account that can run commands on the machine can attempt the attack, and the list of distributions above is what Qualys tested rather than the full set of affected systems. The curious can see the fix applied to glibc in this patch series.