From BeepingComputer.
It says “sysadmins should prioritise patching”, but… has it been patched yet?
Just like…make a patch. It’s not that hard lol /j
To show you the power of Flex Tape, I sawed this library in half!
Yes, most of the major distributions have package updates with the fix. A few people have mentioned updates for Arch, Debian, and RedHat already.
Ubuntu released an update yesterday as well:
https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.4
Ubuntu derivatives such as Pop!_OS should have also received this update, along with the X11 patches.
I wonder if this could be used to root previously unrootable Android based devices.
Android doesn’t use glibc, but Bionic, a C standard library developed by Google. So I don’t think this vulnerability affects Android.
What the heck. I thought, they were using musl.
Certainly seems like this has rather similar goals to musl…That’s no reason for Google not to reinvent the wheel…
They did the same with dalvik and ART now. JVMs, but more googlier!
And Quic, and Pony express, and GFS…
Think Android uses Bionic instead of glibc (where the vulnerability is being exploited).
Wonder if musl is fine. If so,Void people are certainly having fun now.
A new Linux vulnerability known as ‘Looney Tunables’ enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library’s ld.so dynamic loader.
It’s always memory management
It’s always memory management
No wonder everyone’s crazy about Rust.
It’s certainly why it is being used to build browsers and OSs now. Those are places were memory management problems are a huge problem. It probably doesn’t make sense for every match 3 game to be made in Rust, but when errors cause massive breaches or death, it’s a lot safer than C++, taking human faulability into account.
What makes rust so resiliant against these types of atacks?
