Knowledge Base

CVE-2023-4911: Vulnerability in glibc’s ld.so

 
technical questionsalmalinuxdebianlinuxos

Situation

CVE-2023-4911 was discovered in glibc's ld.so.

Impact

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Call to action

The vulnerability affects the system library. Plesk doesn't ship its own glibc. So, it is fixed by the system package's update.
 
OS vendor's advisories should be followed to update the vulnerable library.

These Linux distributions have already published fixes:

  • Ubuntu issued fixes for glibc in 22.04, 23.04. Ubuntu 20 (focal) is not vulnerable.
  • RHEL 8,9 are fixed.
  • Debian 11, 12 issued fixes for glibc.
  • AlmaLinux 8 and 9 are fixed.
  • Rocky Linux 8 was fixed.
Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

Follow us:

Facebook Twitter Linkedin Youtube Github

© 2023 Plesk International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of Plesk International GmbH.

Managed with love with Plesk WP Toolkit

Plesk uses LiveChat system (3rd party).

By proceeding below, I hereby agree to use LiveChat as an external third party technology. This may involve a transfer of my personal data (e.g. IP Address) to third parties in- or outside of Europe. For more information, please see our Privacy Policy.

Search
Generic filters
Exact matches only
Search in title
Search in content
Search in excerpt