Lucene search

K
gentooGentoo FoundationGLSA-202310-03
HistoryOct 04, 2023 - 12:00 a.m.

glibc: Multiple vulnerabilities

2023-10-0400:00:00
Gentoo Foundation
security.gentoo.org
14
glibc
vulnerabilities
privilege escalation
upgrade

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.4%

Background

glibc is a package that contains the GNU C library.

Description

Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.

Impact

An attacker could elevate privileges from a local user to root.

Workaround

There is no known workaround at this time.

Resolution

All glibc users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.37-r7"
OSVersionArchitecturePackageVersionFilename
Gentooanyallsys-libs/glibc< 2.37-r7UNKNOWN

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.016

Percentile

87.4%