Vulnerability in iconv identified by TuxCare Team (CVE-2021-43396)


Iconv is a library used to convert between different character encodings and is part of a core group of tools and libraries used to perform basic level tasks called glibc (GNU C Library). According to the venerable glibc documentation, it enables the conversion of characters between 150 different character sets.

During regular work on TuxCare’s Extended Lifecycle Support (ELS) service, where patches are created or backported to older Linux distributions that are past their end-of-life date, the team identified a previously unknown vulnerability in a code path inside iconv. But, of course, finding the bug is just half the work, so a fix was also developed and submitted upstream.

Patches for systems covered by ELS are already available for deployment.

Continue reading “Vulnerability in iconv identified by TuxCare Team (CVE-2021-43396)”