SUSE: 2024:1977-1 Important: glibc Security Issues Addressed

suse

June 11, 2024

* bsc#1222992 * bsc#1223423 * bsc#1223424 * bsc#1223425

Summary

## This update for glibc fixes the following issues: * nscd: Release read lock after resetting timeout * nscd: Fix use-after-free in addgetnetgrentX (BZ #23520) * CVE-2024-33599; nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677) * CVE-2024-33600; nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678) * CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678) * CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425, BZ #31680) * CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) * CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) ## Patch Instructions:

Topics Covered

security advisory network security buffer overflow bug fix important glibc SUSE

References

* bsc#1222992

* bsc#1223423

* bsc#1223424

* bsc#1223425

Cross-

* CVE-2024-2961

* CVE-2024-33599

* CVE-2024-33600

* CVE-2024-33601

* CVE-2024-33602

CVSS scores:

* CVE-2024-2961 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

* CVE-2024-33599 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H

* CVE-2024-33600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-33601 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-33602 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2

* SUSE Linux Enterprise Server 15 SP2

* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2024:1977-1

Rating: important

Topics Covered

security advisory network security buffer overflow bug fix important glibc SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE: 2024:1977-1 Important: glibc Security Issues Addressed

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE: 2024:1977-1 Important: glibc Security Issues Addressed

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!