CVE-2023-4911

Vulnerability Summary

The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation. Details can be found in the Qualys advisory at www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt

For the oldstable distribution (bullseye), this problem has been fixed in version 2.31-13+deb11u7. For the stable distribution (bookworm), this problem has been fixed in version 2.36-9+deb12u3. This update includes fixes for CVE-2023-4527 and CVE-2023-4806 originally planned for the upcoming bookworm point release.

We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: security-tracker.debian.org/tracker/glibc

Vendor Advisories

The Qualys Research Labs discovered a buffer overflow in the dynamic loader's processing of the GLIBC_TUNABLES environment variable. An attacker can exploit this flaw for privilege escalation. Details can be found in the Qualys advisory at www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt For ...

Exploits

A buffer overflow exists in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. It has been dubbed Looney Tunables. This issue allows a local attacker to use maliciously crafted GLIBC_TUNABLES when launching binaries with SUID permission to execute code in the context of the root user. This Metasploit ...