From c4abc1b08efa217b42971a44b8cd5af616f243f1 Mon Sep 17 00:00:00 2001
From: Solar Designer <solar@openwall.com>
Date: Wed, 15 Nov 2023 22:27:57 +0100
Subject: [PATCH] Add CVE-2023-4911

---
 docs/issues/CVE-2023-4911.md | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 docs/issues/CVE-2023-4911.md

diff --git a/docs/issues/CVE-2023-4911.md b/docs/issues/CVE-2023-4911.md
new file mode 100644
index 0000000..574e5ba
--- /dev/null
+++ b/docs/issues/CVE-2023-4911.md
@@ -0,0 +1,23 @@
+# CVE-2023-4911: glibc: Looney Tunables: buffer overflow in ld.so leading to privilege escalation
+
+## Summary
+
+As described by [Red Hat](https://access.redhat.com/security/cve/CVE-2023-4911) and in [CVE-2023-4911](https://www.cve.org/CVERecord?id=CVE-2023-4911):
+
+A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the `GLIBC_TUNABLES` environment variable. This issue could allow a local attacker to use maliciously crafted `GLIBC_TUNABLES` environment variables when launching binaries with SUID permission to execute code with elevated privileges.
+
+More detail is available in the [public disclosure](https://www.openwall.com/lists/oss-security/2023/10/03/2) by [Qualys](https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so), the team who discovered the issue.
+
+Public disclosure date: October 3, 2023
+
+## EL9
+
+Mitigated in version: `2.34-60.el9_2.security.0.2` available October 3, 2023
+Fixed in version: `glibc-2.34-60.el9_2.7` available October 5, 2023
+
+Besides the upstream fix, we also retained the mitigation in the [Security SIG package of glibc](packages/glibc.md).
+
+## EL8
+
+Fixed in version: `glibc-0:2.28-225.el8_8.6` available October 5, 2023
+Errata: [RLSA-2023:5455](https://errata.rockylinux.org/RLSA-2023:5455) issued October 7, 2023