AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Security alert: critical issues detected in GNU C library

A serious bug discovered in the C standard library: the alert involves multiple Linux distributions

A serious flaw (CVE-2023-6246) has been discovered in the GNU C Library (glibc) affecting many versions of Linux, allowing potential attacks to gain root privileges.

This pill is also available in Italian language

A critical vulnerability has been identified in the GNU C Library (glibc) which is of concern to computing environments. Labeled as CVE-2023-6246, the discovered flaw affects glibc's "__vsyslog_internal()" function and potentially allows an attacker to elevate to root privileges. Introduced in version 2.36, the bug continued until version 2.37, where CVE-2022-39046 was addressed.

Impact of the vulnerability on Linux systems

The scope of this flaw extends across significant Linux distributions, including Debian releases 12 and 13, Ubuntu releases 23.04 and 23.10, and Fedora releases 37 through 39. The scientific community admits that despite the focus on these distributions, others Linux systems may be in danger, due to the widespread use of glibc.

More glibc security flaws revealed

In addition to CVE-2023-6246, security researchers have identified additional weaknesses in glibc, with two of these located in the same "__vsyslog_internal()" function (identified as CVE-2023-6779 and CVE-2023-6780) and one Memory corruption vulnerability in function "qsort()". Qualys, the company that discovered these vulnerabilities, has repeatedly emphasized the importance of extreme cybersecurity in widely distributed software libraries like glibc.

History and implications of vulnerabilities in Linux

Qualys' list of Linux system vulnerability findings is long and includes several other significant flaws that have threatened user security. These include a bug in glibc's dynamic loader, a flaw in Polkit's pkexec component, a flaw in the kernel filesystem, and a vulnerability in Sudo. Consequently, attention towards maintaining security in Linux systems cannot be lost in light of problems of the magnitude just explored.

Follow us on Instagram for more pills like this

02/01/2024 21:21

Marco Verro

Last pills

Google Cloud security predictions for 2024: how AI will reshape the cybersecurity landscapeFind out how AI will transform cybersecurity and address geopolitical threats in 2024 according to Google Cloud report

AT&T: data breach discovered that exposes communications of millions of usersDigital security compromised: learn how a recent AT&T data breach affected millions of users

New critical vulnerability discovered in OpenSSH: remote code execution riskFind out how a race condition in recent versions of OpenSSH puts system security at risk: details, impacts and solutions to implement immediately

Discovery of an AiTM attack campaign on Microsoft 365A detailed exploration of AiTM attack techniques and mitigation strategies to protect Microsoft 365 from advanced compromises