Linux glibc flaw lets attackers get root on major distros

That might explain why my systems saw a bunch of libglib2.0 package updates yesterday.

The upside to Linux is quick fixes when something goes wrong.

The downside to quick fixes is that sometimes they are reactionary and cause more problems.

I'd still rather have a known issue patched quickly even with that downside though. At the very least it presents a moving target.
 
As a Linux Mint 21 user I'm on Ubuntu 22.04 and it seems to affect Ubuntu 23.04 and 23.10. I guess I'm still vulnerable to the old flaw?
 
As a Linux Mint 21 user I'm on Ubuntu 22.04 and it seems to affect Ubuntu 23.04 and 23.10. I guess I'm still vulnerable to the old flaw?
Not necessarily, you could still be on 2.35 which means you have other problems but this one was introduced in 2.36 and modified but not resolved in 2.37.
In either event, you should check what you are on and update accordingly though the likelihood of any of these flaws being exploited on a random home user is not what I would consider high.
 
As a Linux Mint 21 user I'm on Ubuntu 22.04 and it seems to affect Ubuntu 23.04 and 23.10. I guess I'm still vulnerable to the old flaw?


I can't say specifically for this one, but most major maintained Linux distributions will backport security patches into their versions of packages and kernels in their repositories.

Large portions of common packages used in Mint come from the Ubuntu repositories for the underlying Ubuntu version Mint is based on.

Linux Mint 21 is still maintained, as is Ubuntu 22.04 LTS it is based on. Both are major distributions, so my educated guess would be that these are patched.
 
I can't say specifically for this one, but most major maintained Linux distributions will backport security patches into their versions of packages and kernels in their repositories.

Large portions of common packages used in Mint come from the Ubuntu repositories for the underlying Ubuntu version Mint is based on.

Linux Mint 21 is still maintained, as is Ubuntu 22.04 LTS it is based on. Both are major distributions, so my educated guess would be that these are patched.
Yeah, it's one of the reasons distro maintainers and backporters are so busy.
 
As a Linux Mint 21 user I'm on Ubuntu 22.04 and it seems to affect Ubuntu 23.04 and 23.10. I guess I'm still vulnerable to the old flaw?
You can check the version with:
ldd --version

Not necessarily, you could still be on 2.35 which means you have other problems but this one was introduced in 2.36 and modified but not resolved in 2.37.
In either event, you should check what you are on and update accordingly though the likelihood of any of these flaws being exploited on a random home user is not what I would consider high.
Good call, Mint 21 is on 2.35. (y)
 
glibc's __vsyslog_internal() function, called by the widely-used syslog and vsyslog functions for writing messages to the system message logger.
Ugh
 
The researchers pointed out that the vulnerability cannot be exploited remotely. An attacker can trigger the issue by providing crafted inputs to applications that employ these logging functions.

Nothing burger unless you let hackers play around on your machine it sounds like. Patch and move on.
 
Nothing burger unless you let hackers play around on your machine it sounds like. Patch and move on.

y'all don't bring up VMs in the DMZ with port 22 open and root/root as your main user???
 
y'all don't bring up VMs in the DMZ with port 22 open and root/root as your main user???

If you use the root user all the time you are totally unaffected by vulnerabilities such as this one. Win-win :)
 