@AOU DO SOMETHING!!!! >**As security holes go, CVE-2023-4911, aka "Looney Tunables," isn't horrid. It has a Common Vulnerability Scoring System (CVSS) score of 7.8, which is ranked as important, not critical.** On the other hand, this GNU C Library's (glibc) dynamic loader vulnerability is a buffer overflow, which is always big trouble, and it's in pretty much all Linux distributions, so it's more than bad enough. **After all, its discoverers, the Qualys Threat Research Unit, were able to exploit "this vulnerability (a local privilege escalation that grants full root privileges) on the default installations of Fedora 37 and 38, Ubuntu 22.04 and 23.04, and Debian 12 and 13."** Other distributions are almost certainly vulnerable to attack. The one major exception is the highly secure Alpine Linux. **Thanks to this vulnerability, it's trivial to take over most Linux systems as a root user.** As the researchers noted, this exploitation method "works against almost all of the SUID-root programs that are installed by default on Linux." [...] **So, yeah, this is bad news with a capital B for Linux users.** The vulnerability was introduced in April 2021 with the release of glibc 2.34. The flaw is a buffer overflow weakness in the glibc's ld.so dynamic loader, a crucial component responsible for preparing and executing programs on Linux systems. The vulnerability is triggered when processing the GLIBC_TUNABLES environment variable, making it a significant threat to system integrity and security. Lol It's starts with "It's okay, no biggie..." and then it devolves into "OMG EVERYBODY PANIC!!!! IT'S JUST LIKE THE TITANIC, BUT IT'S FULL OF BEARS!!!!"