• This minor Linux bug fix created a much more serious problem

    From TechnologyDaily@1337:1/100 to All on Tue Aug 17 13:15:04 2021
    This minor Linux bug fix created a much more serious problem

    Date:
    Tue, 17 Aug 2021 11:58:26 +0000

    Description:
    An improper fix for a difficult-to-exploit bug introduced another that's a lot easier to trigger.

    FULL STORY ======================================================================

    While studying the patch for a recently fixed vulnerability in the GNU C library (glibc), cybersecurity engineers discovered another issue, which they say affected every Linux distro.

    CloudLinux engineer Nikita Popov chanced upon what can essentially be classified as a denial-of-service vulnerability in the upstream glibc. Popov believes the bug, tracked as CVE-2021-38604, can be exploited to cause a segmentation fault, causing an application to crash.

    "Bear in mind that glibc provides the main system primitives and is linked with most, if not all, other Linux applications, including other language compilers and interpreters. It is the second most important component of a system after the Kernel itself," wrote CloudLinux in a blog post.

    According to Popov's analysis, the vulnerability was introduced, ironically, in the patch that was devised to fix the earlier glibc vulnerability, tracked as CVE-2021-33574.

    A patchy fix

    Reporting on the development, ZDNet claims that the first glibc issue wasn't particularly bad. In fact, a Red Hat engineer explained the bug wasn't easily exploitable and required several conditions to be met before it could negatively impact any app.

    The bug still needed to be fixed, but the patch introduced the denial-of-service vulnerability that can reportedly be triggered without much trouble.

    CloudLinux published information about the vulnerability and a fix, which has since been rolled into the upstream glibc. Furthermore, it has also submitted a new test for glibc's automated test suite to prevent the bug from rearing its head again.

    "Sometimes, changes in unrelated code paths can lead to behaviours changing elsewhere in the code and the programmer not being aware of it. This test will catch this situation," writes CloudLinux.

    Via ZDNet



    ======================================================================
    Link to news story: https://www.techradar.com/news/this-minor-linux-bug-fix-created-a-much-more-serious-problem/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)