Glibc is currently under active attack

glibc is currently under active attack…
german: Jetzt patchen! Exploits für glibc-Lücke öffentlich verfügbar | heise online
So what?

3 Likes

I also read yesterday a dangerous article about it and today with a new update:

https://www.computerbase.de/2023-10/schwachstelle-in-c-bibliothek-looney-tunables-gefaehrdet-zahlreiche-linux-systeme/

Update 06.10 (in German):
Wie aus einem Bericht von Bleeping Computer hervorgeht, haben andere Sicherheitsforscher inzwischen erste Exploits für Looney Tunables veröffentlicht. Einer davon stammt von dem Niederländer Peter Geissler, auch bekannt unter dem Namen blasty. Geissler hat seinen Exploit auf X geteilt – ein anderer Schwachstellen- und Exploit-Experte namens Will Dormann bestätigte dessen Funktionsfähigkeit daraufhin.

We need this update in stable branch, soon as possible.

2 Likes

CVE-2023-4911 is addressed with glibc 2.38-7 currently available in our unstable and testing branches.

4 Likes

1.Is there any ETA how long it takes till we get this update for stable branch?

2.Most other distros has this patch 2 days ago.
Every Manjaro user should need this update quick as possible… everyone in stable branch
can be attacked and infected by ransomware.

Why don’t make a exception, because of the big issue and move it to stable right now?

3.How can we switch to testing branch just for this one time and switch back to stable branch after it?

1 Like

Here’s instructions for switching branches. If you switch back to Stable, all packages will remain the same (as the branch you switched to) until Stable catches up

3 Likes

Fixed with the latest update.

3 Likes