=====================================================================
                            CERT-Renater

                Note d'Information No. 2023/VULN382
_____________________________________________________________________

DATE                 : 06/10/2023

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Gentoo Linux running glibc versions prior to
                       2.37-r7.

=====================================================================
https://security.gentoo.org/glsa/202310-03
_____________________________________________________________________

glibc: Multiple vulnerabilities — GLSA 202310-03

Multiple vulnerabilities in glibc could result in Local Privilege
Escalation.

Affected packages

  Package             : sys-libs/glibc on all architectures
  Affected versions   : < 2.37-r7
  Unaffected versions : >= 2.37-r7

Background

glibc is a package that contains the GNU C library.

Description

Multiple vulnerabilities have been discovered in glibc. Please review
the CVE identifiers referenced below for details.

Impact

An attacker could elevate privileges from a local user to root.

Workaround

There is no known workaround at this time.

Resolution

All glibc users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.37-r7"

References

  CVE-2022-39046
  CVE-2023-4527
  CVE-2023-4806
  CVE-2023-4911

=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |    email:cert@support.renater.fr +
=========================================================
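
The affected range stated in the advisory above (sys-libs/glibc < 2.37-r7), turned into a check that can be run over a host inventory. This is an added example, not part of the GLSA or the CERT-Renater note; the function names, the inventory format and the sample hosts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify a sys-libs/glibc version string against the
# GLSA 202310-03 boundary (affected < 2.37-r7, unaffected >= 2.37-r7).
# Assumption: versions look like N.N[.N...][-rN]. Other Gentoo suffixes
# (_p1, _rc2, letters) are reported as "unknown" rather than guessed at.

FIXED_BASE="2.37"   # upstream version of the fixed package (from the advisory)
FIXED_REV=7         # Gentoo revision of the fixed package (from the advisory)

glsa_202310_03_status() {
    ver=$1
    rev=0
    # Split off the Gentoo revision; no -rN suffix means revision 0.
    case $ver in *-r*) rev=${ver##*-r}; ver=${ver%-r*} ;; esac
    # Accept only plain dotted numbers without leading zeros.
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*|0[0-9]*|*.0[0-9]*) echo unknown; return 0 ;;
    esac
    case $rev in ''|*[!0-9]*) echo unknown; return 0 ;; esac

    # Trailing dot so every component, including the last, ends in ".".
    a=$ver.
    b=$FIXED_BASE.
    while [ -n "$a" ] && [ -n "$b" ]; do
        ap=${a%%.*}; bp=${b%%.*}
        a=${a#*.};   b=${b#*.}
        if [ "$ap" -lt "$bp" ]; then echo affected; return 0; fi
        if [ "$ap" -gt "$bp" ]; then echo unaffected; return 0; fi
    done
    # Equal prefix: the version with extra components is the newer one.
    if [ -n "$a" ]; then echo unaffected; return 0; fi
    if [ -n "$b" ]; then echo affected; return 0; fi
    # Same upstream version: the revision decides.
    if [ "$rev" -lt "$FIXED_REV" ]; then echo affected; else echo unaffected; fi
}

# Constructed sample inventory ("host version" per line), not real data.
inventory="web01 2.37-r7
build02 2.36-r8
db03 2.37-r3
dev04 2.38-r1
old05 2.37_p1"

report() {
    printf '%s\n' "$inventory" | while read -r host v; do
        printf '%s %s %s\n' "$host" "$v" "$(glsa_202310_03_status "$v")"
    done
}

report
```

Hosts reported as "unknown" need a manual look, since the comparison deliberately refuses version forms it does not parse.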