A local root vulnerability in glibc

Qualys has posted an
advisory for a vulnerability in the GNU C Library related to the
handling of the GLIBC_TUNABLES environment variable:

We successfully exploited this vulnerability and obtained full root
privileges on the default installations of Fedora 37 and 38, Ubuntu
22.04 and 23.04, Debian 12 and 13; other distributions are probably
also vulnerable and exploitable (one notable exception is Alpine
Linux, which uses musl libc, not the glibc).

Updates from distributors are beginning to appear and should be applied on
any systems with untrusted users.
The curious can see the fix applied to glibc in this
patch series.