Opened 11 months ago
Closed 11 months ago
#5426 closed enhancement (fixed)
glibc-2.39
Reported by: | Xi Ruoyao | Owned by: | Xi Ruoyao |
---|---|---|---|
Priority: | high | Milestone: | 12.1 |
Component: | Website | Version: | git |
Severity: | normal | Keywords: | |
Cc: |
Description
New minor version.
Contains fixes for CVE-2023-6246, CVE-2023-6779, and CVE-2023-6780. CVE-2023-6246 is rated HIGH (7.8 by NVD, 8.4 by Red Hat) as a practically exploitable local privilege escalation.
The fixes are included in glibc-2.38-upstream_fixes-4.patch, but an SA for LFS 11.2 - 12.0 (glibc 2.36 - 2.38) has not been issued yet. Currently the editors seem to have a consensus that upgrading Glibc should be safe with some caution, and to ease the security fixes on Glibc we can just explain how to upgrade Glibc safely instead of preparing patches for multiple Glibc versions.
Change History (7)
comment:1 by , 11 months ago
comment:3 by , 11 months ago
Resolution: | → fixed |
---|---|
Status: | new → closed |
Fixed for trunk.
I'll post the Glibc SA later (after the new Glibc page is rendered on the server).
comment:4 by , 11 months ago
Component: | Book → Website |
---|---|
Resolution: | fixed |
Status: | closed → reopened |
comment:5 by , 11 months ago
Owner: | changed from | to
---|---|
Status: | reopened → new |
comment:6 by , 11 months ago
Status: | new → assigned |
---|
Deprecated and removed features, and other changes affecting compatibility:
Changes to build and runtime requirements:
Security related changes:
The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball:
The following bugs are resolved with this release: