flatcar / Flatcar

Flatcar project repository for issue tracking, project documentation, etc.

Home Page:https://www.flatcar.org/


update: glibc

dongsupark opened this issue · comments

Name: glibc
CVEs: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
CVSSs: n/a, n/a, n/a, n/a, n/a
Action Needed: update to >= 2.38-r13

Summary:

  • CVE-2024-2961: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. ISO-2022-CN-EXT uses escape sequences to indicate character set changes (as specified by RFC 1922). While the SOdesignation has the expected bounds checks, neither SS2designation nor SS3designation have them; allowing a write overflow of 1, 2, or 3 bytes with fixed values: '$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.
  • CVE-2024-33599: netgroup cache: invalid memcpy under low memory/storage conditions.
    mempool_alloc fails and returns NULL. This is possible if posix_fallocate fails and the retry fails. This was detected by static code analysis. It will only happen in the case the database runs out of memory/storage while expanding the netgroup cache. The group entries overwrite other data on the stack after dataset_mem. The workaround is not to cache the netgroup if this is impacting the use of the application.
  • CVE-2024-33600: After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. In addinnetgrX, addgetnetgrentX may have produced a NULL result, indicating a not-found status, but this is not handled in the subsequent code that prepares the record that will be sent out to the client.
  • CVE-2024-33601: The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.
  • CVE-2024-33602: The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer.

See also https://security.gentoo.org/glsa/202405-17.

refmap.gentoo:
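The "Action Needed" line above gives the fix threshold as a Gentoo-style package version (2.38-r13). A plain string comparison gets this wrong ("2.38-r9" sorts after "2.38-r13"), so the check has to split the version into numeric components plus the -rN revision. The following is an added example, not code from the Flatcar project or from the issue author: it compares versions the way a practitioner would when auditing an image's package list against this issue. It assumes a package list with one `category/pkg-version` entry per line (the sample below is constructed, not a real Flatcar manifest) and handles only dotted numeric versions with an optional -rN revision, which covers the glibc versions the issue names.

```python
import re
from typing import List, Optional, Tuple

# Minimum fixed version named in the "Action Needed" line of this issue.
FIXED_GLIBC = "2.38-r13"

# Constructed sample, shaped like a Gentoo-style package list
# (category/package-version, one per line). Not a real Flatcar manifest.
SAMPLE_PACKAGE_LIST = """\
sys-apps/systemd-255.3-r1
sys-libs/glibc-2.38-r9
net-misc/curl-8.6.0
"""

# Dotted numeric version with an optional Gentoo revision suffix (-rN).
# Suffixes such as _p1 or _rc2 are deliberately not supported here.
_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")

# Package atom for glibc; the assumed "sys-libs/glibc" category/name follows
# the Gentoo naming the issue threshold (2.38-r13) refers to.
_GLIBC_RE = re.compile(r"^sys-libs/glibc-(\S+)$")


def parse_version(version: str) -> Tuple[List[int], int]:
    """Split '2.38-r13' into ([2, 38], 13); a missing -rN means revision 0."""
    m = _VERSION_RE.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers = [int(part) for part in m.group(1).split(".")]
    revision = int(m.group(2)) if m.group(2) else 0
    return numbers, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 as a is older than, equal to, or newer than b.

    Numeric components are compared left to right (shorter versions are
    padded with zeros, a simplification of full Gentoo rules); the revision
    only decides ties, so 2.39 is newer than 2.38-r13 and 2.38-r9 is older.
    """
    a_nums, a_rev = parse_version(a)
    b_nums, b_rev = parse_version(b)
    width = max(len(a_nums), len(b_nums))
    a_nums = a_nums + [0] * (width - len(a_nums))
    b_nums = b_nums + [0] * (width - len(b_nums))
    if a_nums != b_nums:
        return -1 if a_nums < b_nums else 1
    return (a_rev > b_rev) - (a_rev < b_rev)


def glibc_version_from_package_list(text: str) -> Optional[str]:
    """Find the sys-libs/glibc entry in a package list; None if absent."""
    for line in text.splitlines():
        m = _GLIBC_RE.match(line.strip())
        if m:
            return m.group(1)
    return None


def needs_update(text: str, fixed: str = FIXED_GLIBC) -> bool:
    """True if the list's glibc is older than the fixed version or missing.

    A missing entry is treated as needing attention rather than as safe,
    since nothing can be concluded about the image from its absence.
    """
    installed = glibc_version_from_package_list(text)
    if installed is None:
        return True
    return compare_versions(installed, fixed) < 0


if __name__ == "__main__":
    found = glibc_version_from_package_list(SAMPLE_PACKAGE_LIST)
    verdict = "update needed" if needs_update(SAMPLE_PACKAGE_LIST) else "ok"
    print(f"glibc {found}: {verdict} (fixed in >= {FIXED_GLIBC})")
```

Run against a real image's package list, `needs_update` answers the question this issue poses for that image; the comparison deliberately refuses version strings with suffixes it does not model instead of silently misordering them.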