mageia / Gentoo Foundation / MGASA-2023-0286
History: Oct 12, 2023 - 12:04 a.m.

Updated glibc packages fix a security vulnerability

2023-10-12 00:04:02
Gentoo Foundation
advisories.mageia.org
Tags: glibc, buffer overflow, dynamic loader, local attacker, suid permission, cve-2023-4911, unix

CVSS3: 7.8

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.016
Percentile: 87.4%

The updated packages fix a security vulnerability: A buffer overflow was discovered in the GNU C Library’s dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges. (CVE-2023-4911)

OS      Version  Architecture  Package  Version    Filename
Mageia  8        noarch        glibc    < 2.32-32  glibc-2.32-32.mga8
Mageia  9        noarch        glibc    < 2.36-51  glibc-2.36-51.mga9
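
To check a host against the package table above, the following added example (not part of the advisory) compares an installed glibc version-release with the first fixed build for each Mageia release. The function names are hypothetical, and it assumes a `sort` that supports `-V` (GNU coreutils).

```shell
#!/bin/sh
# Added example, not from the advisory: classify an installed glibc
# version-release against the fixed builds listed in MGASA-2023-0286.

# fixed_build MGA_RELEASE -> prints the first fixed version-release from the
# advisory table; returns 1 for a release the advisory does not list.
fixed_build() {
    case "$1" in
        8) echo "2.32-32" ;;
        9) echo "2.36-51" ;;
        *) return 1 ;;
    esac
}

# strip_dist VERSION-RELEASE -> drops a trailing ".mgaN" dist tag so that
# "2.32-32.mga8" and "2.32-32" compare as the same build.
strip_dist() {
    echo "$1" | sed 's/\.mga[0-9][0-9]*$//'
}

# glibc_status MGA_RELEASE INSTALLED -> prints "fixed", "vulnerable" or
# "unknown" (release not covered by this advisory).
glibc_status() {
    fixed=$(fixed_build "$1") || { echo unknown; return 0; }
    installed=$(strip_dist "$2")
    # sort -V compares digit runs numerically, so 2.32-9 sorts before 2.32-32.
    lowest=$(printf '%s\n%s\n' "$installed" "$fixed" | sort -V | head -n 1)
    if [ "$lowest" = "$fixed" ]; then
        echo fixed        # installed build is the fixed build or newer
    else
        echo vulnerable   # installed build is older than the fixed build
    fi
}
```

On a host, pass `VERSION_ID` from `/etc/os-release` as the first argument and the output of `rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc` as the second.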
