• Tuesday, October 17, 2023

Ubuntu has released a security update that fixes CVE-2023-4911, a vulnerability in the GNU C Library (glibc). The library incorrectly handled the GLIBC_TUNABLES environment variable, and an attacker could possibly use this issue to perform a privilege escalation attack.

The update is available for Ubuntu 22.04 LTS (Jammy) only. You can ignore this announcement if you only use Ubuntu 20.04 LTS (Focal) and 18.04 LTS (Bionic).

Ubuntu should apply the update automatically on all Ubuntu 22.04 LTS (Jammy) servers, but a reboot is required for the update to take effect.

You can check whether your server(s) has been updated by running the ldd --version command from the terminal to get the glibc version. It should show ldd (Ubuntu GLIBC 2.35-0ubuntu3.4) when the server has been updated by Ubuntu.

If your server(s) has not been updated yet and you cannot wait for the automatic security update, you can run the apt update && unattended-upgrade -d command.

Once you have confirmed that your server(s) has been updated by Ubuntu, please reboot your server(s) to make all the necessary changes.
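The version check above can be scripted for several servers. The following is an added example, not part of the original announcement: it parses the ldd --version banner and compares the package version against 2.35-0ubuntu3.4. The function names are hypothetical, and it assumes Ubuntu 22.04 LTS (Jammy), that any later 2.35-0ubuntu3.x package also contains the fix, and that Ubuntu's usual /var/run/reboot-required flag file is in use.

```shell
#!/bin/sh
# Fixed package version for Ubuntu 22.04 LTS (Jammy), as stated in the announcement.
FIXED_VERSION="2.35-0ubuntu3.4"

# Extract the package version from the first line of `ldd --version`,
# e.g. "ldd (Ubuntu GLIBC 2.35-0ubuntu3.4) 2.35" -> "2.35-0ubuntu3.4".
glibc_pkg_version() {
    printf '%s\n' "$1" | sed -n '1s/^ldd (Ubuntu GLIBC \([^)]*\)).*$/\1/p'
}

# Succeed when version $1 is greater than or equal to version $2.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        # Fallback for hosts without dpkg (assumption: sort supports -V).
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Print "patched", "needs-update" or "unknown" for a given ldd banner.
glibc_status() {
    ver=$(glibc_pkg_version "$1")
    if [ -z "$ver" ]; then
        echo "unknown"          # banner not in the expected Ubuntu format
    elif version_ge "$ver" "$FIXED_VERSION"; then
        echo "patched"
    else
        echo "needs-update"     # run: apt update && unattended-upgrade -d
    fi
}

# Check the local server and report whether a reboot is still pending.
check_local() {
    echo "glibc: $(glibc_status "$(ldd --version 2>/dev/null)")"
    if [ -f /var/run/reboot-required ]; then
        echo "reboot: pending"
    fi
}

check_local
```

A "patched" result only reflects the installed package; processes started before the update keep using the old library until the server is rebooted.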

Please reach out to support if you have any questions.