Linux Security Updates – 09 October 2023

Linux distributions have released security updates to fix multiple vulnerabilities in the dynamic loader of the GNU C Library (glibc version 2.34) and in GNU GRUB 2 (grub2).

The addressed vulnerabilities could allow an attacker to execute arbitrary code, obtain sensitive information, gain access, or gain elevated privileges. In the glibc case, a maliciously crafted GLIBC_TUNABLES environment variable processed by the ld.so dynamic loader can be used to execute arbitrary commands with root privileges when launching binaries that carry the SUID bit.
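As an added triage example (not part of the advisory or of any vendor's tooling), the helper below walks a set of constructed process-exec records and flags the condition the glibc issue abuses: a set-ID binary started by an unprivileged user with GLIBC_TUNABLES in its environment. The record layout (pid, exe, mode bits, uid, env) is an assumption standing in for whatever an EDR or auditd pipeline actually emits.

```python
"""Triage helper flagging set-ID executions that carry GLIBC_TUNABLES.
Event format is a constructed assumption, not a real product's schema."""
import stat

# Constructed sample events: executable path, st_mode bits, caller uid and
# environment. 0o104755 is a regular file with the SUID bit and mode 755.
SAMPLE_EVENTS = [
    {"pid": 4101, "exe": "/usr/bin/sudo", "mode": 0o104755, "uid": 1000,
     "env": {"PATH": "/usr/bin", "GLIBC_TUNABLES": "glibc.malloc.tcache_count=1"}},
    {"pid": 4102, "exe": "/usr/bin/ls", "mode": 0o100755, "uid": 1000,
     "env": {"PATH": "/usr/bin", "GLIBC_TUNABLES": "glibc.malloc.tcache_count=1"}},
    {"pid": 4103, "exe": "/usr/bin/passwd", "mode": 0o104755, "uid": 1000,
     "env": {"PATH": "/usr/bin", "LANG": "C"}},
    {"pid": 4104, "exe": "/usr/bin/su", "mode": 0o104755, "uid": 0,
     "env": {"GLIBC_TUNABLES": "glibc.rtld.nns=2"}},
]


def is_setid(mode: int) -> bool:
    """True if the executable has the set-user-ID or set-group-ID bit set."""
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))


def tunables_on_setid_exec(event: dict) -> bool:
    """Condition of interest: an unprivileged caller launches a set-ID binary
    with GLIBC_TUNABLES present. A patched ld.so drops unsafe tunables for
    set-ID programs, so the variable showing up on such an exec remains a
    useful hunting signal even on hosts that already have the fix."""
    env = event.get("env") or {}
    return (is_setid(event["mode"])
            and "GLIBC_TUNABLES" in env
            and event.get("uid", 0) != 0)


def triage(events):
    """Return (pid, exe, raw GLIBC_TUNABLES value) for each flagged event."""
    return [(e["pid"], e["exe"], e["env"]["GLIBC_TUNABLES"])
            for e in events if tunables_on_setid_exec(e)]


if __name__ == "__main__":
    for pid, exe, value in triage(SAMPLE_EVENTS):
        print(f"pid={pid} exe={exe} GLIBC_TUNABLES={value!r}")
```

Version-string checks are a poor substitute for this kind of signal where a distribution backports the fix without bumping the glibc version, so confirm patch status against the vendor's package advisory rather than `ldd --version`.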

Sample of the addressed vulnerabilities:

GNU glibc Privilege Escalation Vulnerability (CVE-2023-4911):

  • CVSS: 7.8
  • Attack Vector: Local
  • Attack Complexity: Low
  • Privileges Required: Low
  • User Interaction: None
  • Consequences: Gain Privileges

Vulnerabilities

  • CVE-2023-4911
  • CVE-2023-4692
  • CVE-2023-4693

Mitigations

The enterprise should deploy the patches as soon as the testing phase is completed and should check with its vendors for any available updates. Below is a sample of the distributors’ fixes:

References