USN-6409-1: GNU C Library vulnerabilities
3 October 2023
Several security issues were fixed in GNU C Library.
- glibc - GNU C Library
It was discovered that the GNU C Library incorrectly handled the
GLIBC_TUNABLES environment variable. An attacker could possibly use this
issue to perform a privilege escalation attack. (CVE-2023-4911)
It was discovered that the GNU C Library incorrectly handled certain DNS
responses when the system was configured in no-aaaa mode. A remote attacker
could possibly use this issue to cause the GNU C Library to crash,
resulting in a denial of service. This issue only affected Ubuntu 23.04.