SUSE-SU-2024:1895-2
- Source
- https://www.suse.com/support/update/announcement/2024/suse-su-20241895-2/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1895-2.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2024:1895-2
- Upstream
- Related
- Published
- 2024-06-03T07:00:59Z
- Modified
- 2025-05-02T04:36:45.445924Z
- Summary
- Security update for glibc
- Details
-
This update for glibc fixes the following issues:
- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
Avoid creating userspace live patching prologue for _start routine (bsc#1221940)
- References
-
- https://www.suse.com/support/update/announcement/2024/suse-su-20241895-2/
- https://bugzilla.suse.com/1221940
- https://bugzilla.suse.com/1223423
- https://bugzilla.suse.com/1223424
- https://bugzilla.suse.com/1223425
- https://www.suse.com/security/cve/CVE-2024-33599
- https://www.suse.com/security/cve/CVE-2024-33600
- https://www.suse.com/security/cve/CVE-2024-33601
- https://www.suse.com/security/cve/CVE-2024-33602
Affected packages
SUSE:Linux Enterprise Micro 5.5 / glibc
Package
- Name
- glibc
- Purl
- pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Micro%205.5
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.31-150300.83.1