This minor Linux bug fix created a much more serious problem

The new bug affected all Linux distros


While studying the patch for a recently fixed vulnerability in the GNU C library (glibc), cybersecurity engineers discovered another issue, which they say affected every Linux distro.

CloudLinux engineer Nikita Popov chanced upon what can essentially be classified as a denial-of-service vulnerability in upstream glibc. Popov believes the bug, tracked as CVE-2021-38604, can be exploited to cause a segmentation fault, causing an application to crash.

“Bear in mind that glibc provides the main system primitives and is linked with most, if not all, other Linux applications, including other language compilers and interpreters. It is the second most important component of a system after the Kernel itself,” wrote CloudLinux in a blog post.


According to Popov’s analysis, the vulnerability was, ironically, introduced by the very patch that was devised to fix the earlier glibc vulnerability, tracked as CVE-2021-33574.

A patchy fix


Reporting on the development, ZDNet claims that the first glibc issue wasn’t particularly bad. In fact, a Red Hat engineer explained the bug wasn’t easily exploitable and required several conditions to be met before it could negatively impact any app.

The bug still needed to be fixed, but the patch introduced the denial-of-service vulnerability that can reportedly be triggered without much trouble.

CloudLinux published information about the vulnerability and a fix, which has since been rolled into the upstream glibc. Furthermore, it has also submitted a new test for glibc’s automated test suite to prevent the bug from rearing its head again.


“Sometimes, changes in unrelated code paths can lead to behaviours changing elsewhere in the code and the programmer not being aware of it. This test will catch this situation,” writes CloudLinux.

Via ZDNet

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
