Navigation
Recherche
|
A local root vulnerability in glibc
mardi 3 octobre 2023, 20:50 , par LWN.net
Qualys has posted an
advisory for a vulnerability in the GNU C Library related to the handling of the GLIBC_TUNABLES environment variable: We successfully exploited this vulnerability and obtained full root privileges on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, Debian 12 and 13; other distributions are probably also vulnerable and exploitable (one notable exception is Alpine Linux, which uses musl libc, not the glibc). Updates from distributors are beginning to appear and should be applied on any systems with untrusted users. The curious can see the fix applied to glibc in this patch series.
https://lwn.net/Articles/946381/
|
56 sources (32 en français)
Date Actuelle
jeu. 2 mai - 17:21 CEST
|