Oracle Fusion Middleware component installation issue. Update in glibc-devel-2.31-150300.52.2 causes performance regression on Sapphire Rapids CPU for glibc compiled benchmarking tests VUL-0: CVE-2024-2961: glibc: iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set VUL-0: CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache VUL-0: CVE-2024-33600: glibc: null pointer dereference after failed netgroup cache insertion VUL-0: CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings SLES 16 SP0 - s390x: glibc: z13 wcsncmp implementation segfaults if n=1 Andreas_Schwab important security

Security update for glibc

This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu glibc glibc:cross-aarch64 glibc:cross-ppc64le glibc:cross-riscv64 glibc:cross-s390x glibc:i686 glibc:testsuite glibc:utils