It may be time to patch glibc if you haven't recently!

I saw an item in one of my ZDNet newsletters here: Patch now: This serious Linux vulnerability affects nearly all distributions | ZDNET.

If you’re using glibc v. 2.34, you should check CVE-2023-4911 at (NVD - CVE-2023-4911) to ensure your installation has been patched.

As a side note, we should add a Security category to ItsFOSS Community for posts like this one. I don’t have the authority to do that so I can’t do it myself.

Ernie

3 Likes

I saw that one too. Much of what I manage is in Kubernetes and running on Alpine. That uses musl rather than glibc. Many compatibility issues, but not vulnerable to this CVE.

I know, that information was noted in the article. The thing is that most other users may need to check out which glibc version they have installed, and patch/update it if there’s a newer release available for their distribution. My reason for this post was to provide information to those who may need it.

Ernie

1 Like
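A small POSIX shell check for the "which glibc do I have, and is it patched?" question raised above. This is an added example, not Ernie's or the forum's own code; it assumes `getconf` is on the PATH and that the distribution records the CVE in its package changelog (Debian/Ubuntu `libc6`, or an `rpm`-based `glibc` package). The version threshold of 2.34 is the first glibc release that carries the affected code; a patched distro package usually keeps that same version number, which is why the changelog check matters.

```sh
#!/bin/sh
# Report the installed C library version and whether the distribution's
# glibc package changelog records a fix for CVE-2023-4911.
# Added example (assumptions: getconf present; Debian- or rpm-style changelogs).

# Print the glibc version (e.g. "2.35"); prints nothing on musl or other libcs.
glibc_version() {
    getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
}

# Return 0 when the version string is in the affected range (2.34 or later).
is_affected_version() {
    ver="$1"
    major=${ver%%.*}
    minor=${ver#*.}; minor=${minor%%.*}
    [ "$major" -gt 2 ] || { [ "$major" -eq 2 ] && [ "$minor" -ge 34 ]; }
}

# Return 0 if the vendor changelog mentions the CVE, 1 if not, 2 if unknown.
changelog_mentions_fix() {
    if [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then
        zcat /usr/share/doc/libc6/changelog.Debian.gz | grep -q CVE-2023-4911
    elif command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc 2>/dev/null | grep -q CVE-2023-4911
    else
        return 2
    fi
}

# One-word verdict plus the version, suitable for fleet-wide collection.
cve_4911_verdict() {
    ver=$(glibc_version)
    if [ -z "$ver" ]; then
        echo "not-glibc"; return 0            # musl etc.: CVE does not apply
    fi
    if ! is_affected_version "$ver"; then
        echo "unaffected-version $ver"; return 0
    fi
    if changelog_mentions_fix; then
        echo "patched $ver"                   # vendor backport recorded
    else
        echo "check-vendor $ver"              # in range, no fix found: verify
    fi
}

cve_4911_verdict
```

A "check-vendor" result is not proof of exposure, only a prompt to confirm against your distribution's advisory.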

I think most users will automatically get this security patch as long as they keep their package updates up-to-date.

3 Likes

I know, and I hope most GNU/Linux users are intelligent enough to be proactive about keeping their devices up to date. Sadly, we all continually hear about Internet-facing, GNU/Linux-based servers/corporate installations being compromised because their maintainers fail to do so. I posted this item to do my part in helping to spread the word as widely as possible in the hopes this vulnerability will end up being a very minor issue overall.

Ernie

3 Likes

I’m probably in the obsessed group rather than the proactive group. Not only at home but at work too. The procedures around patching at work are pretty rigid and we don’t get to update willy-nilly.

I understand that corporate/business-related systems management/updating can be restrictive because the servers must be available all the time, but companies should provide exceptions for implementing patches for highly rated vulnerabilities (eight or higher on a ten scale?), don’t you think?

Ernie

1 Like

I agree. We have done that in the past. I guess the security team decides how critical the patch is.

I get that. Hopefully they know about this issue and have been able to deal with it for your employer’s sake 🙂

Ernie