Adding patchinfo patchinfo.20240830115148387783.269002615871826

2024-09-05 11:33:00 +02:00 · 2024-09-05 11:33:00 +02:00 · bc16047811
commit bc16047811
parent 2a103faca5
2 changed files with 50 additions and 1 deletions
--- a/2
+++ b/2
@ -1 +1 @@
-Subproject commit e22ea755a4993fea72ee826a38a4d932b3748ac5
+Subproject commit 7e9b8346f71581f8fe5df8f1a1d37c92aeb43df7
--- a/patchinfo.20240830115148387783.269002615871826/_patchinfo
+++ b/patchinfo.20240830115148387783.269002615871826/_patchinfo
@ -0,0 +1,49 @@
+<patchinfo>
+  <!-- generated from request(s) 339726 -->
+  <issue tracker="bnc" id="1221482">Oracle Fusion Middleware component installation issue.</issue>
+  <issue tracker="bnc" id="1221940">Update in glibc-devel-2.31-150300.52.2 causes performance regression on Sapphire Rapids CPU for glibc compiled benchmarking tests</issue>
+  <issue tracker="bnc" id="1222992">VUL-0: CVE-2024-2961: glibc: iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set</issue>
+  <issue tracker="bnc" id="1223423">VUL-0: CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache</issue>
+  <issue tracker="bnc" id="1223424">VUL-0: CVE-2024-33600: glibc: null pointer dereference after failed netgroup cache insertion</issue>
+  <issue tracker="bnc" id="1223425">VUL-0: CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings</issue>
+  <issue tracker="bnc" id="1228041">SLES 16 SP0 - s390x: glibc: z13 wcsncmp implementation segfaults if n=1</issue>
+  <issue tracker="cve" id="2024-2961"/>
+  <issue tracker="cve" id="2024-33599"/>
+  <issue tracker="cve" id="2024-33600"/>
+  <issue tracker="cve" id="2024-33601"/>
+  <issue tracker="cve" id="2024-33602"/>
+  <packager>Andreas_Schwab</packager>
+  <rating>important</rating>
+  <category>security</category>
+  <summary>Security update for glibc</summary>
+  <description>This update for glibc fixes the following issues:
+
+Fixed security issues:
+
+- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
+- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
+- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
+- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
+- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
+- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)
+
+Fixed non-security issues:
+
+- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
+- Fix segfault in wcsncmp (bsc#1228041)
+- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
+- Avoid creating ULP prologue for _start routine (bsc#1221940)
+- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
+- malloc: Use __get_nprocs on arena_get2
+- linux: Use rseq area unconditionally in sched_getcpu
+</description>
+  <package>glibc</package>
+  <package>glibc:cross-aarch64</package>
+  <package>glibc:cross-ppc64le</package>
+  <package>glibc:cross-riscv64</package>
+  <package>glibc:cross-s390x</package>
+  <package>glibc:i686</package>
+  <package>glibc:testsuite</package>
+  <package>glibc:utils</package>
+  <seperate_build_arch/>
+</patchinfo>