{
  "schema_version": "1.6.2",
  "id": "MGASA-2024-0026",
  "published": "2024-02-04T02:49:27Z",
  "modified": "2024-02-04T01:34:41Z",
  "summary": "Updated glibc packages fix security vulnerabilities",
  "details": "The updated packages fix security vulnerabilities:\nA heap-based buffer overflow was found in the __vsyslog_internal\nfunction of the glibc library. This function is called by the syslog and\nvsyslog functions. This issue occurs when the openlog function was not\ncalled, or called with the ident argument set to NULL, and the program\nname (the basename of argv[0]) is bigger than 1024 bytes, resulting in\nan application crash or local privilege escalation. (CVE-2023-6246)\nAn off-by-one heap-based buffer overflow was found in the\n__vsyslog_internal function of the glibc library. This function is\ncalled by the syslog and vsyslog functions. This issue occurs when these\nfunctions are called with a message bigger than INT_MAX bytes, leading\nto an incorrect calculation of the buffer size to store the message,\nresulting in an application crash. (CVE-2023-6779)\nAn integer overflow was found in the __vsyslog_internal function of the\nglibc library. This function is called by the syslog and vsyslog\nfunctions. This issue occurs when these functions are called with a very\nlong message, leading to an incorrect calculation of the buffer size to\nstore the message, resulting in undefined behavior. (CVE-2023-6780)\n",
  "related": [
    "CVE-2023-6246",
    "CVE-2023-6779",
    "CVE-2023-6780"
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2024-0026.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=32796"
    },
    {
      "type": "REPORT",
      "url": "https://security-tracker.debian.org/tracker/DSA-5611-1"
    },
    {
      "type": "REPORT",
      "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2024-aec80d6e8a"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:9",
        "name": "glibc",
        "purl": "pkg:rpm/mageia/glibc?arch=source&distro=mageia-9"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.36-52.mga9"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}