Security
Headlines
HeadlinesLatestCVEs

Headline

Gentoo Linux Security Advisory 202402-01

Gentoo Linux Security Advisory 202402-1 - Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Versions greater than or equal to 2.38-r10 are affected.

Packet Storm
#vulnerability#web#mac#linux

Gentoo Linux Security Advisory GLSA 202402-01


                                       https://security.gentoo.org/  

Severity: High
Title: glibc: Multiple Vulnerabilities
Date: February 02, 2024
Bugs: #918412, #923352
ID: 202402-01


Synopsis

Multiple vulnerabilities in glibc could result in Local Privilege
Escalation.

Background

glibc is a package that contains the GNU C library.

Affected packages

Package Vulnerable Unaffected


sys-libs/glibc < 2.38-r10 >= 2.38-r10

Description

Multiple vulnerabilities have been discovered in glibc. Please review
the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All glibc users should upgrade to the latest version:

emerge --sync

emerge --ask --oneshot --verbose “>=sys-libs/glibc-2.38-r10”

References

[ 1 ] CVE-2023-5156
https://nvd.nist.gov/vuln/detail/CVE-2023-5156
[ 2 ] CVE-2023-6246
https://nvd.nist.gov/vuln/detail/CVE-2023-6246
[ 3 ] CVE-2023-6779
https://nvd.nist.gov/vuln/detail/CVE-2023-6779
[ 4 ] CVE-2023-6780
https://nvd.nist.gov/vuln/detail/CVE-2023-6780
[ 5 ] GLIBC-SA-2024-0001
[ 6 ] GLIBC-SA-2024-0002
[ 7 ] GLIBC-SA-2024-0003

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

https://security.gentoo.org/glsa/202402-01

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users’ machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
https://bugs.gentoo.org.

License

Copyright 2024 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Related news

February 2024: Vulremi, Vuldetta, PT VM Course relaunch, PT TrendVulns digests, Ivanti, Fortinet, MSPT, Linux PW

Hello everyone! In this episode, I will talk about the February updates of my open source projects, also about projects at my main job at Positive Technologies and interesting vulnerabilities. Alternative video link (for Russia): https://vk.com/video-149273431_456239140 Let’s start with my open source projects. Vulremi A simple vulnerability remediation utility, Vulremi, now has a logo and […]

Ubuntu Security Notice USN-6620-1

Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.

Ubuntu Security Notice USN-6620-1

Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.

Ubuntu Security Notice USN-6620-1

Ubuntu Security Notice 6620-1 - It was discovered that the GNU C Library incorrectly handled the syslog function call. A local attacker could use this issue to execute arbitrary code and possibly escalate privileges.

glibc syslog() Heap-Based Buffer Overflow

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

glibc syslog() Heap-Based Buffer Overflow

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

glibc syslog() Heap-Based Buffer Overflow

Qualys discovered a heap-based buffer overflow in the GNU C Library's __vsyslog_internal() function, which is called by both syslog() and vsyslog(). This vulnerability was introduced in glibc 2.37 (in August 2022).

glibc qsort() Out-Of-Bounds Read / Write

Qualys discovered a memory corruption in the glibc's qsort() function, due to a missing bounds check. To be vulnerable, a program must call qsort() with a nontransitive comparison function (a function cmp(int a, int b) that returns (a - b), for example) and with a large number of attacker-controlled elements (to cause a malloc() failure inside qsort()). They have not tried to find such a vulnerable program in the real world. All glibc versions from at least September 1992 (glibc 1.04) to the current release (glibc 2.38) are affected, but the glibc's developers have independently discovered and patched this memory corruption in the master branch (commit b9390ba, "stdlib: Fix array bounds protection in insertion sort phase of qsort") during a recent refactoring of qsort().

Debian Security Advisory 5611-1

Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.

Debian Security Advisory 5611-1

Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.

Debian Security Advisory 5611-1

Debian Linux Security Advisory 5611-1 - The Qualys Research Labs discovered several vulnerabilities in the GNU C Library's __vsyslog_internal() function (called by syslog() and vsyslog()). A heap-based buffer overflow (CVE-2023-6246), an off-by-one heap overflow (CVE-2023-6779) and an integer overflow (CVE-2023-6780) can be exploited for privilege escalation or denial of service.

Critical Flaws Found in GNU C Library, Major Linux Distros at Risk

By Deeba Ahmed Patch Now or Pay Later: Qsort Flaw Leaves Millions of Linux Systems Exposed. This is a post from HackRead.com Read the original post: Critical Flaws Found in GNU C Library, Major Linux Distros at Risk

Critical Flaws Found in GNU C Library, Major Linux Distros at Risk

By Deeba Ahmed Patch Now or Pay Later: Qsort Flaw Leaves Millions of Linux Systems Exposed. This is a post from HackRead.com Read the original post: Critical Flaws Found in GNU C Library, Major Linux Distros at Risk

Critical Flaws Found in GNU C Library, Major Linux Distros at Risk

By Deeba Ahmed Patch Now or Pay Later: Qsort Flaw Leaves Millions of Linux Systems Exposed. This is a post from HackRead.com Read the original post: Critical Flaws Found in GNU C Library, Major Linux Distros at Risk

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer overflow vulnerability is rooted in glibc's __vsyslog_internal() function, which is used by syslog() and vsyslog() for system logging purposes. It's said to have been accidentally

Ubuntu Security Notice USN-6541-2

Ubuntu Security Notice 6541-2 - USN-6541-1 fixed vulnerabilities in the GNU C Library. Unfortunately, changes made to allow proper application of the fix for CVE-2023-4806 in Ubuntu 22.04 LTS introduced an issue in the NSCD service IPv6 processing functionalities. This update fixes the problem.

Ubuntu Security Notice USN-6541-1

Ubuntu Security Notice 6541-1 - It was discovered that the GNU C Library was not properly handling certain memory operations. An attacker could possibly use this issue to cause a denial of service. It was discovered that the GNU C library was not properly implementing a fix for CVE-2023-4806 in certain cases, which could lead to a memory leak. An attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.04.

CVE-2023-45085: Releases - HyperCloud Docs

An issue exists in SoftIron HyperCloud where compute nodes may come online immediately without following the correct initialization process.  In this instance, workloads may be scheduled on these nodes and deploy to a failed or erroneous state, which impacts the availability of these workloads that may be deployed during this time window. This issue impacts HyperCloud versions from 2.0.0 to before 2.0.3.

CVE-2023-5156: Invalid Bug ID

A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution