Knowledge Base

CVE-2023-4911: Vulnerability in glibc’s ld.so

 
almalinuxdebianlinuxostechnical questions

Situation

CVE-2023-4911 was discovered in glibc's ld.so.

Impact

A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable (CVE-2023-4911). This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.

Call to action

The vulnerability affects the system library. Plesk doesn't ship its own glibc. So, it is fixed by the system package's update.
 
OS vendor's advisories should be followed to update the vulnerable library.

These Linux distributions have already published fixes:

  • Ubuntu issued fixes for glibc in 22.04, 23.04. Ubuntu 20 (focal) is not vulnerable.
  • RHEL 8,9 are fixed.
  • Debian 11, 12 issued fixes for glibc.
  • AlmaLinux 8 and 9 are fixed.
  • Rocky Linux 8 was fixed.
Read the full article
Related Posts
Knowledge Base

Hosting Wiki

Industry
Partners

industry-partner_ALIBABA
industry-partner_GOOGLEPARTNER
industry-partner_MICROSOFT
industry-partner_REDHAT-r2
industry-partner_ALIBABA
industry-partner_AUTOMATTIC
industry-partner_AWS
industry-partner_DIGITALOCEAN
industry-partner_SCALEWAY

© 2025 WebPros International GmbH. All rights reserved. Plesk and the Plesk logo are trademarks of WebPros International GmbH.

Managed with love with Plesk WP Toolkit