Advisories » MGASA-2023-0286

Updated glibc packages fix a security vulnerability

Publication date: 11 Oct 2023
Modification date: 11 Oct 2023
Type: security
Affected Mageia releases : 8 , 9
CVE: CVE-2023-4911

Description

The updated packages fix a security vulnerability:

A buffer overflow was discovered in the GNU C Library's dynamic loader
ld.so while processing the GLIBC_TUNABLES environment variable. This
issue could allow a local attacker to use maliciously crafted
GLIBC_TUNABLES environment variables when launching binaries with SUID
permission to execute code with elevated privileges. (CVE-2023-4911)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=32357
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911
• https://www.openwall.com/lists/oss-security/2023/10/03/2
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4911

SRPMS

9/core

• glibc-2.36-51.mga9

8/core

• glibc-2.32-32.mga8