From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 1220C15815E for ; Fri, 2 Feb 2024 03:07:18 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 70BBEE2A78; Fri, 2 Feb 2024 03:06:46 +0000 (UTC) Received: from smtp.gentoo.org (smtp.gentoo.org [IPv6:2001:470:ea4a:1:5054:ff:fec7:86e4]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 8EBE4E2A03 for ; Fri, 2 Feb 2024 03:02:52 +0000 (UTC) Received: from glsamakerdev.dev.gentoo.org (unknown [140.211.166.165]) by smtp.gentoo.org (Postfix) with ESMTP id 01551343231 for ; Fri, 2 Feb 2024 03:02:52 +0000 (UTC) Received: from [172.18.0.3] (unknown [172.18.0.3]) by glsamakerdev.dev.gentoo.org (Postfix) with ESMTP id C6BFF89DC9 for ; Fri, 2 Feb 2024 03:02:51 +0000 (UTC) Subject: [gentoo-announce] [ GLSA 202402-01 ] glibc: Multiple Vulnerabilities Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-announce@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha512"; boundary="===============7073132668388078201==" From: glsamaker@gentoo.org To: gentoo-announce@lists.gentoo.org Reply-To: security@gentoo.org Date: Fri, 02 Feb 2024 03:02:51 -0000 Message-ID: <170684297180.8.16274724331965219156@96c4bd820ff0> X-Archives-Salt: 14ceb2c2-c22f-4f92-901a-9b26d77849bb X-Archives-Hash: ec5b7cf1c6e92eabc7206799a955a607 --===============7073132668388078201== Content-Type: text/plain; charset="utf-8" - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202402-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: glibc: Multiple Vulnerabilities Date: February 02, 2024 Bugs: #918412, #923352 ID: 202402-01 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Multiple vulnerabilities in glibc could result in Local Privilege Escalation. Background ========== glibc is a package that contains the GNU C library. Affected packages ================= Package Vulnerable Unaffected -------------- ------------ ------------ sys-libs/glibc < 2.38-r10 >= 2.38-r10 Description =========== Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details. Impact ====== Please review the referenced CVE identifiers for details. Workaround ========== There is no known workaround at this time. Resolution ========== All glibc users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.38-r10" References ========== [ 1 ] CVE-2023-5156 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 [ 2 ] CVE-2023-6246 https://nvd.nist.gov/vuln/detail/CVE-2023-6246 [ 3 ] CVE-2023-6779 https://nvd.nist.gov/vuln/detail/CVE-2023-6779 [ 4 ] CVE-2023-6780 https://nvd.nist.gov/vuln/detail/CVE-2023-6780 [ 5 ] GLIBC-SA-2024-0001 [ 6 ] GLIBC-SA-2024-0002 [ 7 ] GLIBC-SA-2024-0003 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202402-01 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2024 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 --===============7073132668388078201== Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEpqTA6ABLMxh/aChGFMQkOaVy+9kFAmW8W1sACgkQFMQkOaVy +9kOHRAAt0d5wu3HUJReIywhpQcJPBUiwQlvKqZeAzg1J2E552GPCxReXzhOwOrj cdiqaBJZYWfzuh+I5w47V1ROsA9bkoXSLjUkVBoS+k4rqeGvssGRNpFs5EDM3by4 S0Pjrad27O0pM5CZbmpdvGuWJlqCjloDUyg01JQ6g+berwlJGTnIvW3DDhI6F48R gqts/jKRgmR0bu8giLv5SgdzEcEqpCTTHT/Ll7d1SYEzpTuqrWFgHgEJU1uru+dE DR7HVnsxcPkUBfq3qJQMz/Ea3W9sqSPwCD/XRqMypxvhJwqNC9xqj2NSujA2Gw05 qcVZPf5iuekb94jfv49oxK1h7wb7rFUQr3AAVds04S4XxT/kXGyBg1loTZ1GIAhx 3x6LDkykaKsrfjnCCZu95oyLdonOtblb5KyVUT/7oxwzblXufk6LGQLACJZXnG5E Ej1wCL3MQxSpIH7eA5yOxA8hHfA0KCtym7Ea/sUE38HkTDCPlD6dZSCgdXD9eqKs Le5cXoNiiq2R8itxsyDtaGqegXonou1ByNdK33AK/Zm4HxnRzkLx1Ry9MYnKdj5m cQ7uQDh5U7M1UVcdzh2srNb5/Dp9I/Y7Bu6rzx6v16Z/tukFBdYMCdtc4zzIFuZd UwdvTQo/auntzlOYqUT8BWRSfI+teG0vUtJMEUJZt3JkcuG2TFc= =MKFd -----END PGP SIGNATURE----- --===============7073132668388078201==--