Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

SUSE Linux: 2024:1675-1 Important: Glibc Buffer Overflow and More

suse
Calendar Grey May 17, 2024
Dist Suse Esm H88
SUSE Linux has issued a Security Update for glibc to tackle severe concerns and improve defense mechanisms against security flaws.
* bsc#1222992 * bsc#1223423 * bsc#1223424 * bsc#1223425

Summary

## This update for glibc fixes the following issues: * nscd: Fixed use-after-free in addgetnetgrentX (BZ #23520) * CVE-2024-33599: nscd: Fixed Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677) * CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678) * CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678) * CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (CVE-2024-33601, bsc#1223425, BZ #31680) * CVE-2024-33602; Use time_t for return type of addgetnetgrentX (bsc#1223425) * CVE-2024-2961: iconv: ISO-2022-CN-EXT: Fixed out-of-bound writes when writing escape sequence (bsc#1222992) ## Patch Instructions:

Topics%20covered

Topics Covered

security advisory buffer overflow glibc important update nscd SUSE Linux Enterprise out-of-bound writes

References

* bsc#1222992

* bsc#1223423

* bsc#1223424

* bsc#1223425

Cross-

* CVE-2024-2961

* CVE-2024-33599

* CVE-2024-33600

* CVE-2024-33601

* CVE-2024-33602

CVSS scores:

* CVE-2024-2961 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2024-33599 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

* CVE-2024-33600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-33601 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-33602 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5

* SUSE Linux Enterprise Server 12 SP5

* SUSE Linux Enterprise Server for SAP Applications 12 SP5

* SUSE Linux Enterprise Software Development Kit 12 SP5

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2024:1675-1
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow glibc important update nscd SUSE Linux Enterprise out-of-bound writes

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here