linux-announce AT lists.psi.ch
Subject: Linux Mailing List
- From: "Konrad Bucheli (PSI)" <konrad.bucheli AT psi.ch>
- To: linux-announce AT lists.psi.ch
- Subject: [Linux-announce] "Looney Tunables" security issue in glibc (CVE-2023-4911)
- Date: Mon, 9 Oct 2023 15:04:02 +0200
Dear RHEL8 node operators
This bug allows for privilege escalation (aka a normal user can get root). It affects RHEL8, but not RHEL7.
The fix has been backported to the RHEL8 glibc-2.28-225 package. With the default Hiera settings

    base::automatic_updates::interval: weekly
    base::automatic_updates::type: security
    rpm_repos::tag:
      redhat8: 'rhel-8'

it should already be installed. You may check the installed version with

    # rpm -q glibc
    glibc-2.28-225.el8.x86_64
    #

If that is not the case, please follow up according to your assessment and needs.
Source:
https://access.redhat.com/errata/RHSA-2023:5455?sc_cid=701600000006NHXAA2
Kind regards
Konrad
--
Paul Scherrer Institut
Konrad Bucheli
Linux Systems Engineer
Core Linux Research Services
Science IT Infrastructure and Services department (AWI)
OBBA/230
Forschungstrasse 111
5232 Villigen PSI
Switzerland
Phone: +41 56 310 27 24
konrad.bucheli AT psi.ch
www.psi.ch