Thanks for the issue. This will be automatically fixed in the next release. It's not super critical due to the very limited exposure of this particular issue in the container, but it'll obviously get fixed. Thanks!
Describe the bug
To Reproduce
ldd --version
ldd (Debian GLIBC 2.36-9+deb12u3) 2.36
Expected behavior
The security issue has been fixed in glibc 2.39, but backported to 2.36-9+deb12u4; 2.36-9+deb12u3 remains vulnerable. The Docker image should use the patched library 2.36-9+deb12u4.
Error messages
n/a
Additional context
Flagged as HIGH: https://nvd.nist.gov/vuln/detail/CVE-2023-6246
https://www.kaspersky.com/blog/cve-2023-6246-glibc-vulnerability/50369/
https://thehackernews.com/2024/01/new-glibc-flaw-grants-attackers-root.html
https://www.bleepingcomputer.com/news/security/new-linux-glibc-flaw-lets-attackers-get-root-on-major-distros/
https://security-tracker.debian.org/tracker/CVE-2023-6246
Proposed fix
Rebuild the images with security updates from Debian