Advisories » MGASA-2024-0173

Updated glibc packages fix security vulnerabilities

Publication date: 10 May 2024
Modification date: 10 May 2024
Type: security
Affected Mageia releases: 9
CVE: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Description

Stack-based buffer overflow in netgroup cache: If the Name Service Cache
Daemon's (nscd) fixed-size cache is exhausted by client requests, then a
subsequent client request for netgroup data may result in a stack-based
buffer overflow. (CVE-2024-33599)

Null pointer crashes after notfound response: If the Name Service Cache
Daemon's (nscd) cache fails to add a not-found netgroup response to the
cache, the client request can result in a null pointer dereference.
(CVE-2024-33600)

Netgroup cache may terminate daemon on memory allocation failure: The
Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc, and these functions may terminate the process due to a memory
allocation failure, resulting in a denial of service to the clients.
(CVE-2024-33601)

Netgroup cache assumes NSS callback uses in-buffer strings: The Name
Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the
NSS callback does not store all strings in the provided buffer.
(CVE-2024-33602)
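
For triage, the following added example (not part of the Mageia advisory or of glibc) reads an nscd.conf and reports whether the netgroup cache that all four CVEs concern is enabled. The function names, the sample configuration and the "last matching line wins" reading of the file are assumptions; the advisory does not describe a configuration workaround, so the result is inventory information to go with installing the updated packages.

```shell
#!/bin/sh
# Added example: report the nscd netgroup cache setting from an nscd.conf.
# Prints "yes", "no", "unset" (no enable-cache line for netgroup) or
# "unreadable". Assumption: when the directive is repeated, the last
# occurrence is the effective one.
netgroup_cache_setting() {
    conf=$1
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    awk '
        { sub(/#.*/, "") }                       # strip comments
        $1 == "enable-cache" && $2 == "netgroup" { v = tolower($3) }
        END { print (v == "" ? "unset" : v) }
    ' "$conf"
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
# /etc/nscd.conf (constructed sample)
enable-cache            passwd      yes
enable-cache            netgroup    yes   # netgroup cache on
positive-time-to-live   netgroup    28800
EOF
}

# Demo run on the constructed sample; on a real host pass /etc/nscd.conf.
demo_file=$(mktemp)
sample_conf > "$demo_file"
echo "netgroup cache: $(netgroup_cache_setting "$demo_file")"
rm -f "$demo_file"
```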
                

References

SRPMS

9/core