An update for glibc is now available for openEuler-22.03-LTS-SP3
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2024-1691
Final
1.0
1.0
2024-06-07
Initial
2024-06-07
2024-06-07
openEuler SA Tool V1.0
2024-06-07
glibc security update
An update for glibc is now available for openEuler-22.03-LTS-SP3.
The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more.
Security Fix(es):
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
(CVE-2024-33599)
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
(CVE-2024-33600)
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
(CVE-2024-33601)
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
(CVE-2024-33602)
An update for glibc is now available for openEuler-22.03-LTS-SP3.
openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
High
glibc
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1691
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-33599
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-33600
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-33601
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2024-33602
https://nvd.nist.gov/vuln/detail/CVE-2024-33599
https://nvd.nist.gov/vuln/detail/CVE-2024-33600
https://nvd.nist.gov/vuln/detail/CVE-2024-33601
https://nvd.nist.gov/vuln/detail/CVE-2024-33602
openEuler-22.03-LTS-SP3
glibc-debugutils-2.34-150.oe2203sp3.aarch64.rpm
glibc-locale-archive-2.34-150.oe2203sp3.aarch64.rpm
glibc-debuginfo-2.34-150.oe2203sp3.aarch64.rpm
glibc-locale-source-2.34-150.oe2203sp3.aarch64.rpm
glibc-devel-2.34-150.oe2203sp3.aarch64.rpm
glibc-compat-2.17-2.34-150.oe2203sp3.aarch64.rpm
glibc-all-langpacks-2.34-150.oe2203sp3.aarch64.rpm
libnsl-2.34-150.oe2203sp3.aarch64.rpm
nss_modules-2.34-150.oe2203sp3.aarch64.rpm
glibc-common-2.34-150.oe2203sp3.aarch64.rpm
glibc-2.34-150.oe2203sp3.aarch64.rpm
glibc-debugsource-2.34-150.oe2203sp3.aarch64.rpm
nscd-2.34-150.oe2203sp3.aarch64.rpm
glibc-nss-devel-2.34-150.oe2203sp3.aarch64.rpm
glibc-help-2.34-150.oe2203sp3.noarch.rpm
glibc-2.34-150.oe2203sp3.src.rpm
libnsl-2.34-150.oe2203sp3.x86_64.rpm
glibc-compat-2.17-2.34-150.oe2203sp3.x86_64.rpm
glibc-common-2.34-150.oe2203sp3.x86_64.rpm
glibc-all-langpacks-2.34-150.oe2203sp3.x86_64.rpm
nss_modules-2.34-150.oe2203sp3.x86_64.rpm
glibc-devel-2.34-150.oe2203sp3.x86_64.rpm
glibc-locale-archive-2.34-150.oe2203sp3.x86_64.rpm
glibc-locale-source-2.34-150.oe2203sp3.x86_64.rpm
glibc-2.34-150.oe2203sp3.x86_64.rpm
glibc-debugutils-2.34-150.oe2203sp3.x86_64.rpm
glibc-debuginfo-2.34-150.oe2203sp3.x86_64.rpm
nscd-2.34-150.oe2203sp3.x86_64.rpm
glibc-nss-devel-2.34-150.oe2203sp3.x86_64.rpm
glibc-debugsource-2.34-150.oe2203sp3.x86_64.rpm
nscd: Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted
by client requests then a subsequent client request for netgroup data
may result in a stack-based buffer overflow. This flaw was introduced
in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
2024-06-07
CVE-2024-33599
openEuler-22.03-LTS-SP3
High
7.6
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
glibc security update
2024-06-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1691
nscd: Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found
netgroup response to the cache, the client request can result in a null
pointer dereference. This flaw was introduced in glibc 2.15 when the
cache was added to nscd.
This vulnerability is only present in the nscd binary.
2024-06-07
CVE-2024-33600
openEuler-22.03-LTS-SP3
High
7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
glibc security update
2024-06-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1691
nscd: netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients. The
flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
2024-06-07
CVE-2024-33601
openEuler-22.03-LTS-SP3
Medium
6.2
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
glibc security update
2024-06-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1691
nscd: netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory
when the NSS callback does not store all strings in the provided buffer.
The flaw was introduced in glibc 2.15 when the cache was added to nscd.
This vulnerability is only present in the nscd binary.
2024-06-07
CVE-2024-33602
openEuler-22.03-LTS-SP3
Medium
4.0
AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
glibc security update
2024-06-07
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2024-1691