First published: Tue Oct 03 2023
It was discovered that the GNU C Library incorrectly handled the GLIBC_TUNABLES environment variable. An attacker could possibly use this issue to perform a privilege escalation attack. (CVE-2023-4911)

It was discovered that the GNU C Library incorrectly handled certain DNS responses when the system was configured in no-aaaa mode. A remote attacker could possibly use this issue to cause the GNU C Library to crash, resulting in a denial of service. This issue only affected Ubuntu 23.04. (CVE-2023-4527)
Affected Software | Affected Version | How to fix |
---|---|---|
ubuntu/libc6 on Ubuntu 23.04 | <2.37-0ubuntu2.1 | 2.37-0ubuntu2.1 |
ubuntu/libc6 on Ubuntu 22.04 | <2.35-0ubuntu3.4 | 2.35-0ubuntu3.4 |
The vulnerability IDs for these GNU C Library vulnerabilities are CVE-2023-4911 and CVE-2023-4527.
CVE-2023-4911 could allow an attacker to perform a privilege escalation attack.
The GNU C Library vulnerabilities affect the libc6 package in versions before 2.37-0ubuntu2.1 on Ubuntu 23.04 and before 2.35-0ubuntu3.4 on Ubuntu 22.04.
To fix the GNU C Library vulnerabilities, update the libc6 package to version 2.37-0ubuntu2.1 on Ubuntu 23.04 or 2.35-0ubuntu3.4 on Ubuntu 22.04.
More information about these vulnerabilities can be found at the following references: [CVE-2023-4911](https://ubuntu.com/security/CVE-2023-4911) and [CVE-2023-4527](https://ubuntu.com/security/CVE-2023-4527).
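
To check hosts against the fixed versions above from an inventory, without needing dpkg on the analysis machine, the following added example (not part of the original advisory) compares installed libc6 versions using Debian version ordering. The function names and the sample inventory rows are assumptions made for illustration; the per-release CVE mapping follows the advisory's statement that CVE-2023-4527 only affected Ubuntu 23.04.

```python
import re

# Fixed libc6 version and the CVEs it closes per Ubuntu release (from the advisory).
ADVISORY = {
    "23.04": ("2.37-0ubuntu2.1", ["CVE-2023-4911", "CVE-2023-4527"]),
    "22.04": ("2.35-0ubuntu3.4", ["CVE-2023-4911"]),
}

def _rank(ch):  # Debian order: '~', then end of string, then letters, then the rest
    if ch in ("~", ""):
        return -1 if ch == "~" else 0
    return ord(ch) if ch.isalpha() else ord(ch) + 256

def _cmp_part(a, b):
    # Compare upstream or revision strings as alternating text and number runs.
    while a or b:
        ta, tb = re.match(r"\D*", a).group(), re.match(r"\D*", b).group()
        a, b = a[len(ta):], b[len(tb):]
        for i in range(max(len(ta), len(tb))):
            ra, rb = _rank(ta[i:i + 1]), _rank(tb[i:i + 1])
            if ra != rb:
                return -1 if ra < rb else 1
        na, nb = re.match(r"\d*", a).group(), re.match(r"\d*", b).group()
        a, b = a[len(na):], b[len(nb):]
        if int(na or 0) != int(nb or 0):
            return -1 if int(na or 0) < int(nb or 0) else 1
    return 0

def _split(version):
    # [epoch:]upstream[-revision]; epoch defaults to 0, revision to empty.
    epoch, rest = version.split(":", 1) if ":" in version else ("0", version)
    upstream, revision = rest.rsplit("-", 1) if "-" in rest else (rest, "")
    return int(epoch), upstream, revision

def deb_version_lt(v1, v2):
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2 or _cmp_part(u1, u2) or _cmp_part(r1, r2)) < 0

def exposed_cves(release, libc6_version):
    # CVEs from this advisory still open on a host; None if release is not listed.
    if release not in ADVISORY:
        return None
    fixed, cves = ADVISORY[release]
    return list(cves) if deb_version_lt(libc6_version, fixed) else []

if __name__ == "__main__":
    # Constructed inventory rows: (host, Ubuntu release, installed libc6 version).
    for row in [("web1", "23.04", "2.37-0ubuntu2"), ("db1", "22.04", "2.35-0ubuntu3.4")]:
        print(row[0], exposed_cves(row[1], row[2]))
```

A `None` result means the release is not covered by this advisory, which is different from an empty list (covered and patched).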