😱
New Glibc Flaw Grants Attackers Root Access on Major Linux Distros
Submitted 9 months ago by costalfy@programming.dev to linux@programming.dev
https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html?m=1
Comments
crispy_kilt@feddit.de 9 months ago
banghida@lemm.ee 9 months ago
Pls no
crispy_kilt@feddit.de 9 months ago
Don’t worry, it’s extremely unlikely, given how large and ancient glibc is. The most that might happen is that some new parts are implemented in Rust.
jeremyparker@programming.dev 9 months ago
Noob question: that’s a really old library, right? Has this issue been there for decades before someone found it, or is this vulnerability part of some newer addition to it?
swordsmanluke@programming.dev 9 months ago
glibc is the library that provides basic functionality for C programs. It provides the bottom level implementation for things like opening files, requesting memory, and other OS-level stuff.
glibc isn’t the only implementation out there. Even on Linux, there are other options, such as muslc.
It gets updated regularly, as the C standard or operating system needs. So while it has been around for a very long time (by software standards anyway) it’s still an active and evolving piece of software. --and one that underpins many critical functions of our systems.
CameronDev@programming.dev 9 months ago
Its been around a long time, but evolves with the C standard and the linux kernel. It is basically a layer between C and the kernel.
corsicanguppy@lemmy.ca 9 months ago
Major Linux Distros: all unaffected.
rzlatic@lemmy.ml 9 months ago
updated glibc just landed on fedora this morning.
costalfy@programming.dev 9 months ago
Archlinux not affected either archlinux.org/packages/core/x86_64/glibc/
FrostyPolicy@suppo.fi 9 months ago
OpenSuse Tumbleweed uses 2.38 so not affected by this.
sep@lemmy.world 9 months ago
Very well executed responsible disclosure. Good to see all the linux distro’s and vendors cooperating. Read the timeline :
blog.qualys.com/…/qualys-tru-discovers-important-…