Alerts This Week
Warning Icon 1 1,220
Alerts This Week
Warning Icon 1 1,220

Fedora 41 glibc Security Advisory 2024-846e191001: critical getrandom issue

fedora
Calendar Grey December 19, 2024
Dist Fedora Esm H88
Enhance address safety protocols in getrandom and arc4random for Fedora, preserving system stability and efficiency.
This update addresses a security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (pcpc64le)

Summary

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

Update Information:

This update addresses a security vulnerability in the getrandom and arc4random implementation (CVE-2024-12455) on POWER systems (pcpc64le). Other architectures are not affected.

Change Log

* Sun Dec 15 2024 Florian Weimer - 2.40-14 - Minor update to getrandom vDSO handshake * Wed Dec 11 2024 Florian Weimer - 2.40-13 - CVE-2024-12455: Incorrect getrandom return value on ppc64le

References


[ 1 ] Bug #2332112 - CVE-2024-12455 glibc: glibc in Fedora 41 ships a broken getrandom/arc4random for ppc64le platform [fedora-41] https://bugzilla.redhat.com/show_bug.cgi?id=2332112

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-846e191001' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: glibc
Product: Fedora 41
Version: 2.40
Release: 14.fc41
URL:
Summary: The GNU libc libraries

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here