Thursday ZDNet reported…
As safety holes go, CVE-2023-4911, aka “Looney Tunables,” is not horrid. It has a Frequent Vulnerability Scoring System rating of seven.8, which is ranked as necessary, not important.
However, this GNU C Library’s (glibc) dynamic loader vulnerability is a buffer overflow, which is at all times huge bother, and it is in just about all Linux distributions, so it is greater than dangerous sufficient. In any case, its discoverers, the Qualys Menace Analysis Unit, have been in a position to exploit “this vulnerability (a neighborhood privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13.” Different distributions are nearly actually susceptible to assault. The one main exception is the extremely safe Alpine Linux. Because of this vulnerability, it is trivial to take over most Linux methods as a root consumer. Because the researchers famous, this exploitation methodology “works in opposition to nearly all the SUID-root applications which are put in by default on Linux….”
The excellent news is that Crimson Hat, Ubuntu, Debian, and Gentoo have all launched their very own updates. As well as, the upstream glibc code has been patched with the repair. If you cannot patch it, Crimson Hat has a script that ought to work on most Linux methods to mitigate the issue by setting your system to terminate any setuid program invoked with GLIBC_TUNABLES within the atmosphere.