Description
Security update for glibc
This update for glibc fixes the following issues:
- nscd: Fixed use-after-free in addgetnetgrentX (BZ #23520)
- CVE-2024-33599: nscd: Fixed Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678)
- CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, bsc#1223425, BZ #31680)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: Fixed out-of-bound writes when writing escape sequence (bsc#1222992)
Package list
Container suse/ltss/sle12.5/sles12sp5:latest
Container suse/sles12sp5:latest
Image SLES12-SP5-Azure-BYOS
Image SLES12-SP5-Azure-Basic-On-Demand
Image SLES12-SP5-Azure-HPC-BYOS
Image SLES12-SP5-Azure-HPC-On-Demand
Image SLES12-SP5-Azure-SAP-BYOS
Image SLES12-SP5-Azure-SAP-On-Demand
Image SLES12-SP5-Azure-Standard-On-Demand
Image SLES12-SP5-EC2-BYOS
Image SLES12-SP5-EC2-ECS-On-Demand
Image SLES12-SP5-EC2-On-Demand
Image SLES12-SP5-EC2-SAP-BYOS
Image SLES12-SP5-EC2-SAP-On-Demand
Image SLES12-SP5-GCE-BYOS
Image SLES12-SP5-GCE-On-Demand
Image SLES12-SP5-GCE-SAP-BYOS
Image SLES12-SP5-GCE-SAP-On-Demand
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
References
- Link for SUSE-SU-2024:1675-1
- E-Mail link for SUSE-SU-2024:1675-1
- SUSE Security Ratings
- SUSE Bug 1222992
- SUSE Bug 1223423
- SUSE Bug 1223424
- SUSE Bug 1223425
- SUSE CVE CVE-2024-2961 page
- SUSE CVE CVE-2024-33599 page
- SUSE CVE CVE-2024-33600 page
- SUSE CVE CVE-2024-33601 page
- SUSE CVE CVE-2024-33602 page
Description
The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.
Affected products
References
- CVE-2024-2961
- SUSE Bug 1222992
- SUSE Bug 1223019
Description
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed-size cache is exhausted by client requests, then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Affected products
References
- CVE-2024-33599
- SUSE Bug 1223423
- SUSE Bug 1223530
Description
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Affected products
References
- CVE-2024-33600
- SUSE Bug 1222992
- SUSE Bug 1223424
- SUSE Bug 1223589
Description
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc, and these functions may terminate the process due to a memory allocation failure, resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Affected products
References
- CVE-2024-33601
- SUSE Bug 1223426
Description
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary.
Affected products
References
- CVE-2024-33602
- SUSE Bug 1223425