products/SUSE_ALP_Standard
9
0
Fork 1
Code Issues 1 Pull Requests Packages Projects Releases Wiki Activity
6b12d55216
SUSE_ALP_Standard/patchinfo.20240830115148387783.269002615871826/_patchinfo

49 lines
2.8 KiB
Plaintext
Raw Blame History

<patchinfo incident="32">
<!-- generated from request(s) 339726 -->
<issue tracker="bnc" id="1221482">Oracle Fusion Middleware component installation issue.</issue>
<issue tracker="bnc" id="1221940">Update in glibc-devel-2.31-150300.52.2 causes performance regression on Sapphire Rapids CPU for glibc compiled benchmarking tests</issue>
<issue tracker="bnc" id="1222992">VUL-0: CVE-2024-2961: glibc: iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set</issue>
<issue tracker="bnc" id="1223423">VUL-0: CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache</issue>
<issue tracker="bnc" id="1223424">VUL-0: CVE-2024-33600: glibc: null pointer dereference after failed netgroup cache insertion</issue>
<issue tracker="bnc" id="1223425">VUL-0: CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings</issue>
<issue tracker="bnc" id="1228041">SLES 16 SP0 - s390x: glibc: z13 wcsncmp implementation segfaults if n=1</issue>
<issue tracker="cve" id="2024-2961"/>
<issue tracker="cve" id="2024-33599"/>
<issue tracker="cve" id="2024-33600"/>
<issue tracker="cve" id="2024-33601"/>
<issue tracker="cve" id="2024-33602"/>
<packager>Andreas_Schwab</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for glibc</summary>
<description>This update for glibc fixes the following issues:
Fixed security issues:
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)
Fixed non-security issues:
- Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482)
- Fix segfault in wcsncmp (bsc#1228041)
- Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482)
- Avoid creating ULP prologue for _start routine (bsc#1221940)
- Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482)
- malloc: Use __get_nprocs on arena_get2
- linux: Use rseq area unconditionally in sched_getcpu
</description>
<package>glibc</package>
<package>glibc:cross-aarch64</package>
<package>glibc:cross-ppc64le</package>
<package>glibc:cross-riscv64</package>
<package>glibc:cross-s390x</package>
<package>glibc:i686</package>
<package>glibc:testsuite</package>
<package>glibc:utils</package>
<seperate_build_arch/>
</patchinfo>
Reference in New Issue View Git Blame Copy Permalink