CVE-2023-4911: https://nvd.nist.gov/vuln/detail/CVE-2023-4911
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code with elevated privileges.
Base Score: High
Reference:
['libc6_2.31-13+deb11u6_amd64.deb===>libc6_2.31-13+deb11u7_amd64.deb', 'libc6-dev_2.31-13+deb11u6_amd64.deb===>libc6-dev_2.31-13+deb11u7_amd64.deb', 'libc-bin_2.31-13+deb11u6_amd64.deb===>libc-bin_2.31-13+deb11u7_amd64.deb', 'libc-dev-bin_2.31-13+deb11u6_amd64.deb===>libc-dev-bin_2.31-13+deb11u7_amd64.deb', 'libc-l10n_2.31-13+deb11u6_all.deb===>libc-l10n_2.31-13+deb11u7_all.deb', 'locales_2.31-13+deb11u6_all.deb===>locales_2.31-13+deb11u7_all.deb', 'locales-all_2.31-13+deb11u6_amd64.deb===>locales-all_2.31-13+deb11u7_amd64.deb']
https://www.debian.org/security/2023/dsa-5514
https://www.tenable.com/plugins/nessus/182473
Fix proposed to branch: master
Review: https:/