## This update for glibc fixes the following issues: Fixed security issues: * CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) * CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) * CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) * CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) * CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) * CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: * Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) * Fix segfault in wcsncmp (bsc#1228041)
* bsc#1221482
* bsc#1221940
* bsc#1222992
* bsc#1223423
* bsc#1223424
* bsc#1223425
* bsc#1228041
Cross-
* CVE-2024-2961
* CVE-2024-33599
* CVE-2024-33600
* CVE-2024-33601
* CVE-2024-33602
CVSS scores:
* CVE-2024-2961 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
* CVE-2024-2961 ( NVD ): 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-33599 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
* CVE-2024-33599 ( NVD ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-33600 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-33600 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-33601 ( SUSE ): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Get the latest Linux and open source security news straight to your inbox.