
linux-announce - [[Linux-announce] ] "Looney Tunables" security issue in glibc (CVE-2023-4911)

linux-announce AT lists.psi.ch

Subject: Linux Mailing List

  • From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
  • To: linux-announce AT lists.psi.ch
  • Subject: [[Linux-announce] ] "Looney Tunables" security issue in glibc (CVE-2023-4911)
  • Date: Mon, 9 Oct 2023 15:04:02 +0200

Dear RHEL8 node operators

This bug allows for privilege escalation (aka a normal user can get root). It affects RHEL8, but not RHEL7.

The fix has been backported to the RHEL8 glibc-2.28-225 package. With the default Hiera settings

base::automatic_updates::interval: weekly
base::automatic_updates::type: security
rpm_repos::tag:
  redhat8: 'rhel-8'

it should already be installed. You may check the installed version with

# rpm -q glibc
glibc-2.28-225.el8.x86_64
#

If that is not the case, please follow up according to your assessment and needs.


Source:
https://access.redhat.com/errata/RHSA-2023:5455?sc_cid=701600000006NHXAA2

Kind regards

Konrad


--
Paul Scherrer Institut
Konrad Bucheli
Linux Systems Engineer
Core Linux Research Services
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland

Phone: +41 56 310 27 24
konrad.bucheli AT psi.ch
www.psi.ch

