Knowledge Base

CVE-2023-4911: Vulnerability in glibc’s ld.so

Situation

CVE-2023-4911 was discovered in glibc's ld.so.

Impact

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Call to action

The vulnerability affects the system library. Plesk doesn't ship its own glibc. So, it is fixed by the system package's update.

OS vendor's advisories should be followed to update the vulnerable library.

These Linux distributions have already published fixes:

Ubuntu issued fixes for glibc in 22.04, 23.04. Ubuntu 20 (focal) is not vulnerable.
RHEL 8,9 are fixed.
Debian 11, 12 issued fixes for glibc.
AlmaLinux 8 and 9 are fixed.
Rocky Linux 8 was fixed.

‘node’ or ‘npm’ CLI commands on a Plesk server fail: version `GLIBC_2.28′ not found (required by /opt/plesk/node/18/bin/node)

Unable to start migration in Plesk: Failed to connect to the source server ‘source’ (203.0.113.2) by SSH: encountered RSA key, expected OPENSSH key

Plesk websites secured by Let’s Encrypt certificates show ERR_CERT_AUTHORITY_INVALID warning after September 30, 2021

Hosting Wiki

Knowledge Base

CVE-2023-4911: Vulnerability in glibc’s ld.so

Situation

Impact

Call to action

How to Check Open Ports in Linux (Simple Commands & Tools)

Linux Logs Explained

Recommended OSs for Plesk

Cannot use Docker in Plesk: Local docker nodes can not be deployed in this environment

‘node’ or ‘npm’ CLI commands on a Plesk server fail: version `GLIBC_2.28′ not found (required by /opt/plesk/node/18/bin/node)

Unable to start migration in Plesk: Failed to connect to the source server ‘source’ (203.0.113.2) by SSH: encountered RSA key, expected OPENSSH key

Plesk websites secured by Let’s Encrypt certificates show ERR_CERT_AUTHORITY_INVALID warning after September 30, 2021