Looney Tunables exploit can gain root shell in several linux distros including Debian 12 and 13. So, Sparky Linux is vulnerable too.
Download the python script:
https://haxx.in/files/gnu-acme.pyand run it:
python3 gnu-acme.py
In a Sparky Linux 7.1 installation:
(https://eu2.contabostorage.com/6371d7d3c707451e919f6ef0011c40dd:erequiem/er/thumbnail-cb041f4d-ed1f-4cdc-bf58-ed27cdaa4d93.webp)
The vulnerability is fixed in glibc 2.37+
In Debian stable (12) the latest version is 2.31-13+deb11u7 witch is vulnerable:
https://packages.debian.org/source/bullseye/glibc
In testing and sid it's 2.37-12, it must be fixed:
https://packages.debian.org/source/trixie/glibc
So MAYBE it can be fixed by updating the package from the sid repos.
No need to use unstable repos. Debian announced a bug fix for glibc v 2.36-9+deb12u3.
So, ultimately that story you're telling, does NOT affect SparkyLinux at all ... (https://i.imgur.com/HvUy51i.gif)
I love you too.
More about "Looney Tunables":
https://www.gnu.org/software/libc/manual/html_node/Tunables.html
https://www.qualys.com/2023/10/03/cve-2023-4911/looney-tunables-local-privilege-escalation-glibc-ld-so.txt
Quote from: jidan on October 07, 2023, 07:55:06 PMLooney Tunables exploit can gain root shell in several linux distros including Debian 12 and 13. So, Sparky Linux is vulnerable too.
[....]
Stop making a fool of yourself for once and for all ... (https://i.imgur.com/OxkTPyR.gif)
(https://i.imgur.com/uZvkZOF.gif) PT
Quote from: jidan on October 08, 2023, 12:43:51 AMNo need to use unstable repos. Debian announced a bug fix for glibc v 2.36-9+deb12u3.
New installed Sparky Linux is affected.
After the last Debian update this bug is fixed. So, update asap after installation.
(https://i.ibb.co/6g3Cm4v/looney-debian1.jpg)
This just proves that paying attention to the Critical Vulnerabilities and exploits of both your operating system/Distribution and which ever packages that you install and maybe even avoid following links.
Pavroo solved the issue by releasing updated isos of the distro, all new installed Sparkies will be fixed.
Thanx again Pavroo ;)