GLIBC Vulnerability on Servers Serving PHP

Alexia Stein, Community Deputy Lead

Last week, CVE-2024-2961 was announced. In brief, systems using glibc and serving PHP content could potentially be at risk. The vulnerability is related to the ISO-2022-CN-EXT character set.

While at the time of writing this article there is no glibc package with the fix, a small workaround to disable the compromised character set is advised.

First, let us check whether the system has the affected character set by running iconv -l | grep -E 'CN-?EXT'

If there is no output, the system is not affected by this vulnerability. If the output is similar to the one below, the system is vulnerable; follow the steps below to fix it.

[lexi@emerald gconv]$ iconv -l | grep -E 'CN-?EXT'

Browse to /usr/lib64/gconv/gconv-modules.d

Edit gconv-modules-extra.conf

Go to line 1254 and comment out the following:

 alias ISO2022CNEXT//          ISO-2022-CN-EXT//
 module        ISO-2022-CN-EXT//       INTERNAL                ISO-2022-CN-EXT 1
 module        INTERNAL                ISO-2022-CN-EXT//       ISO-2022-CN-EXT 1

Run sudo iconvconfig to regenerate the gconv cache.

Now, running iconv -l | grep -E 'CN-?EXT' should return no output.
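The check, edit and cache regeneration above, as an added script (not from the original post). It assumes a glibc system with GNU sed, and that the config file lives at the path named above; it comments out only the uncommented alias/module lines that mention ISO-2022-CN-EXT, leaving the plain ISO-2022-CN entries alone.

```shell
#!/bin/sh
# Workaround script for CVE-2024-2961 (added example). Run with --apply as root.

# Path from the post; override with a second argument if your distro differs.
CONF_DEFAULT=/usr/lib64/gconv/gconv-modules.d/gconv-modules-extra.conf

# Print 1 if iconv still advertises the charset (the post's check), else 0.
cnext_present() {
    if iconv -l 2>/dev/null | grep -qE 'CN-?EXT'; then echo 1; else echo 0; fi
}

# Count active (uncommented) alias/module lines for ISO-2022-CN-EXT in file $1.
active_cnext_entries() {
    grep -cE '^[[:space:]]*(alias|module)[[:space:]].*ISO-2022-CN-EXT' "$1" || true
}

# Comment out those lines in file $1, keeping a backup. Idempotent: lines that
# already start with '#' do not match the pattern and are left untouched.
disable_cnext() {
    conf="$1"
    cp "$conf" "$conf.bak-cve-2024-2961"
    sed -i -E '/^[[:space:]]*(alias|module)[[:space:]].*ISO-2022-CN-EXT/ s/^/#/' "$conf"
}

# Full procedure: check, edit, regenerate the cache, re-check.
apply_workaround() {
    conf="${1:-$CONF_DEFAULT}"
    if [ "$(cnext_present)" = 0 ]; then
        echo "ISO-2022-CN-EXT not present; nothing to do."
        return 0
    fi
    disable_cnext "$conf"
    iconvconfig
    if [ "$(cnext_present)" = 0 ]; then
        echo "ISO-2022-CN-EXT disabled (backup at $conf.bak-cve-2024-2961)."
    else
        echo "ISO-2022-CN-EXT still listed; check $conf and the gconv cache." >&2
        return 1
    fi
}

if [ "${1:-}" = "--apply" ]; then
    apply_workaround "${2:-}"
fi
```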