The article highlights a successful year for the GCC compiler and GNU ecosystem in 2025, featuring new language front-ends like ALGOL 68 and COBOL, ongoing improvements in Rust support, performance optimizations, support for AMD Zen 6, and various releases including Bash 5.3, Emacs 30.1, and Coreutils 9.8, along with discussions on deprecating the GNU Gold linker and expanding CPU architecture support.
A new security flaw in the GNU C library (glibc) allows local attackers to gain root access on Linux machines, impacting major distributions like Debian, Ubuntu, and Fedora. The vulnerability, tracked as CVE-2023-6246, is a heap-based buffer overflow in the __vsyslog_internal() function and was accidentally introduced in glibc 2.37. Further analysis also revealed two more flaws in the same function and a bug in the qsort() function, affecting all glibc versions released since 1992. This comes after a previous high-severity flaw in glibc was detailed by Qualys, emphasizing the critical need for strict security measures in software development.
A newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc) allows unprivileged attackers to gain root access on major Linux distributions, impacting Debian, Ubuntu, and Fedora systems. Tracked as CVE-2023-6246, the flaw was accidentally introduced in glibc 2.37 and later backported to glibc 2.36, posing a significant threat due to the widespread use of the affected library. Qualys researchers also found three other vulnerabilities in glibc, emphasizing the critical need for strict security measures in software development. This is not the first time Qualys has found Linux root escalation flaws, as they have previously discovered vulnerabilities in glibc's ld.so dynamic loader, Polkit's pkexec component, the kernel's filesystem layer, and the Sudo Unix program.