Issue in fix for CVE-2023-4911

I am not able to apply the fix for CVE-2023-4911 shared by Red Hat; it looks like the same thing cannot be applied on AlmaLinux 8.

Does anyone have any idea about this, since nothing is working?

How did you “apply”, and how do you see the “not working”?

AFAIK, a patched (aka fixed) version of the glibc package has already been released for both AlmaLinux 8 and 9. Therefore, the “apply” would be:

dnf up && systemctl reboot

Please help me with the version info which is fixed.

I did already say dnf up. That gets what AlmaLinux repos have (unless you have disabled access to those repos).


If you want to see the changelog of an installed package, then rpm is the tool:

[Alma9]# rpm -q glibc ; rpm -q --changelog glibc | head
glibc-2.34-60.el9_2.7.x86_64
* Mon Sep 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-60.7
- Fix memory leak regression in getaddrinfo (RHEL-2425)

* Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-60.6
- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-2999)

* Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-60.5
- Revert: Always call destructors in reverse constructor order (RHEL-3385)

* Mon Sep 18 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34-60.4

[Alma8]# rpm -q glibc ; rpm -q --changelog glibc | head
glibc-2.28-225.el8_8.6.x86_64
* Wed Sep 20 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-236.6
- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-3035)

* Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.28-236.5
- Revert: Always call destructors in reverse constructor order (#2237433)

* Mon Sep 18 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-225.4
- CVE-2023-4806: potential use-after-free in getaddrinfo (RHEL-2422)

* Fri Sep 15 2023 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.28-225.3
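
The changelog check from the reply above, as an added example that is not part of the thread: it searches the whole changelog rather than only the first ten lines that `head` shows, so the CVE entry is still found after newer entries push it further down. The function names and the sample text (constructed from the Alma9 output above) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread.
# Reads `rpm -q --changelog <package>` text on stdin and prints the
# version-release field of the newest changelog entry that mentions the CVE.
# Exit status: 0 = the CVE is listed, 1 = it is not listed.
# On a host: rpm -q --changelog glibc | changelog_fix_release CVE-2023-4911
changelog_fix_release() {
    awk -v cve="$1" '
        # Entry header: "* Day Mon DD YYYY Name <mail> - version-release"
        /^\* / { rel = $NF; next }
        # Require a non-digit (or end of line) after the id, so that a
        # shorter id never matches as a prefix of a longer one.
        $0 ~ (cve "([^0-9]|$)") { print rel; found = 1; exit }
        END { exit !found }
    '
}

# Constructed sample: the first entries of the Alma9 changelog quoted above.
sample_changelog() {
    cat <<'EOF'
* Mon Sep 25 2023 Florian Weimer <fweimer@redhat.com> - 2.34-60.7
- Fix memory leak regression in getaddrinfo (RHEL-2425)

* Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-60.6
- CVE-2023-4911 glibc: buffer overflow in ld.so leading to privilege escalation (RHEL-2999)

* Tue Sep 19 2023 Carlos O'Donell <carlos@redhat.com> - 2.34-60.5
- Revert: Always call destructors in reverse constructor order (RHEL-3385)
EOF
}
```
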