A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBCTUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBCTUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libc6-s390-dbgsym": "2.35-0ubuntu3.4", "libc6-dev": "2.35-0ubuntu3.4", "libc6-dev-s390": "2.35-0ubuntu3.4", "libc6-dev-i386": "2.35-0ubuntu3.4", "locales-all": "2.35-0ubuntu3.4", "libc6-amd64-dbgsym": "2.35-0ubuntu3.4", "glibc-source": "2.35-0ubuntu3.4", "libc6-dev-amd64": "2.35-0ubuntu3.4", "nscd-dbgsym": "2.35-0ubuntu3.4", "nscd": "2.35-0ubuntu3.4", "glibc-doc": "2.35-0ubuntu3.4", "libc6-dbg": "2.35-0ubuntu3.4", "libc6": "2.35-0ubuntu3.4", "libc-bin": "2.35-0ubuntu3.4", "libc6-i386": "2.35-0ubuntu3.4", "libc6-dev-x32": "2.35-0ubuntu3.4", "libc-bin-dbgsym": "2.35-0ubuntu3.4", "libc-dev-bin": "2.35-0ubuntu3.4", "libc6-amd64": "2.35-0ubuntu3.4", "libc6-x32": "2.35-0ubuntu3.4", "libc6-prof": "2.35-0ubuntu3.4", "libc-devtools": "2.35-0ubuntu3.4", "libc-devtools-dbgsym": "2.35-0ubuntu3.4", "libc6-s390": "2.35-0ubuntu3.4", "libc6-i386-dbgsym": "2.35-0ubuntu3.4", "locales": "2.35-0ubuntu3.4", "libc-dev-bin-dbgsym": "2.35-0ubuntu3.4", "libc6-x32-dbgsym": "2.35-0ubuntu3.4" } ], "priority_reason": "Local privilege escalation in a package that is installed on all Ubuntu instances." }
{ "availability": "No subscription required", "ubuntu_priority": "high", "binaries": [ { "libc6-s390-dbgsym": "2.38-1ubuntu6", "libc6-dev": "2.38-1ubuntu6", "libc6-dev-s390": "2.38-1ubuntu6", "libc6-dev-i386": "2.38-1ubuntu6", "locales-all": "2.38-1ubuntu6", "libc6-amd64-dbgsym": "2.38-1ubuntu6", "glibc-source": "2.38-1ubuntu6", "libc6-dev-amd64": "2.38-1ubuntu6", "nscd-dbgsym": "2.38-1ubuntu6", "nscd": "2.38-1ubuntu6", "glibc-doc": "2.38-1ubuntu6", "libc6-dbg": "2.38-1ubuntu6", "libc6": "2.38-1ubuntu6", "libc-bin": "2.38-1ubuntu6", "libc6-i386": "2.38-1ubuntu6", "libc6-dev-x32": "2.38-1ubuntu6", "libc-bin-dbgsym": "2.38-1ubuntu6", "libc-dev-bin": "2.38-1ubuntu6", "libc6-amd64": "2.38-1ubuntu6", "libc6-x32": "2.38-1ubuntu6", "libc6-prof": "2.38-1ubuntu6", "libc-devtools": "2.38-1ubuntu6", "libc-devtools-dbgsym": "2.38-1ubuntu6", "libc6-s390": "2.38-1ubuntu6", "libc6-i386-dbgsym": "2.38-1ubuntu6", "libc6-dev-dbgsym": "2.38-1ubuntu6", "locales": "2.38-1ubuntu6", "libc-dev-bin-dbgsym": "2.38-1ubuntu6", "libc6-x32-dbgsym": "2.38-1ubuntu6" } ], "priority_reason": "Local privilege escalation in a package that is installed on all Ubuntu instances." }