Sorry Linux Users, glibc 2.37 And 2.36 Have A Serious Vulnerability

Free Root On Debian, Ubuntu, and Fedora

Hey Linux admins, time to update your GNU C Library to 2.38 as glibc 2.37 and glibc 2.36 have a rather nasty vulnerability.  There is a difficult but not impossible to exploit heap-based buffer overflow attack which will give an attacker root access to your devices, at which point you are pretty much hosed.  The glibc vulnerability was proven to work on a wide variety of distros, including Debian 12 and 13, Ubuntu 23.04 and 23.10, and Fedora 37 to 39.  It is very likely other versions are also susceptible.

Just in case your digestion hasn’t been completely ruined, Qualys, the security company that revealed this flaw also found three others.  While they are not quite as horrific, all are related to glibc which is something you really can’t live without.  Time to get patching!

Leave a Reply