[Security] CVE-2023-4911 (Looney Tunables) : ARDC Support

[Security] CVE-2023-4911 (Looney Tunables)

Jake Yip

started a topic 7 months ago

Qualys has announced a new vulnerability affecting glibc nicknamed Looney Tunables. Details of this can be found at

https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so .

Nectar images have automatic security updates turned on, and should be automatically patched if a security patch is available. Refer to this support page article for the list of images.

Currently, the following images are affected.

Ubuntu 22.04 - Patch available
Fedora 37 and 38 - Patch available
RedHat and derivatives - Workaround available

If you do not have automatic security updates, you are advised to patch it manually.

If you have automatic security updates, you may want to check if it has been applied.

If you need support, please reach out to the Nectar Cloud HelpDesk: https://support.ehelp.edu.au/

Below are related vendors' links tracking this CVE

https://ubuntu.com/security/CVE-2023-4911

https://access.redhat.com/security/cve/cve-2023-4911

https://security-tracker.debian.org/tracker/source-package/glibc

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DBUQRRPB47TC3NJOUIBVWUGFHBJAFDL/

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NDAQWHTSVOCOZ5K6KPIWKRT3JX4RTZUR/