glibc-2.35-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11850 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.35-1.1 on GA media These are all security issues fixed in the glibc-2.35-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11850 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11850 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-3998/ SUSE CVE CVE-2021-3998 page https://www.suse.com/security/cve/CVE-2021-3999/ SUSE CVE CVE-2021-3999 page https://www.suse.com/security/cve/CVE-2022-23218/ SUSE CVE CVE-2022-23218 page https://www.suse.com/security/cve/CVE-2022-23219/ SUSE CVE CVE-2022-23219 page openSUSE Tumbleweed glibc-2.35-1.1 glibc-devel-2.35-1.1 glibc-devel-static-2.35-1.1 glibc-extra-2.35-1.1 glibc-html-2.35-1.1 glibc-i18ndata-2.35-1.1 glibc-info-2.35-1.1 glibc-lang-2.35-1.1 glibc-locale-2.35-1.1 glibc-locale-base-2.35-1.1 glibc-profile-2.35-1.1 nscd-2.35-1.1 glibc-2.35-1.1 as a component of openSUSE Tumbleweed glibc-devel-2.35-1.1 as a component of openSUSE Tumbleweed glibc-devel-static-2.35-1.1 as a component of openSUSE Tumbleweed glibc-extra-2.35-1.1 as a component of openSUSE Tumbleweed glibc-html-2.35-1.1 as a component of openSUSE Tumbleweed glibc-i18ndata-2.35-1.1 as a component of openSUSE Tumbleweed glibc-info-2.35-1.1 as a component of openSUSE Tumbleweed glibc-lang-2.35-1.1 as a component of openSUSE Tumbleweed glibc-locale-2.35-1.1 as a component of openSUSE Tumbleweed glibc-locale-base-2.35-1.1 as a component of openSUSE Tumbleweed glibc-profile-2.35-1.1 as a component of openSUSE Tumbleweed nscd-2.35-1.1 as a component of openSUSE Tumbleweed A flaw was found in glibc. The realpath() function can mistakenly return an unexpected value, potentially leading to information leakage and disclosure of sensitive data. CVE-2021-3998 openSUSE Tumbleweed:glibc-2.35-1.1 openSUSE Tumbleweed:glibc-devel-2.35-1.1 openSUSE Tumbleweed:glibc-devel-static-2.35-1.1 openSUSE Tumbleweed:glibc-extra-2.35-1.1 openSUSE Tumbleweed:glibc-html-2.35-1.1 openSUSE Tumbleweed:glibc-i18ndata-2.35-1.1 openSUSE Tumbleweed:glibc-info-2.35-1.1 openSUSE Tumbleweed:glibc-lang-2.35-1.1 openSUSE Tumbleweed:glibc-locale-2.35-1.1 openSUSE Tumbleweed:glibc-locale-base-2.35-1.1 openSUSE Tumbleweed:glibc-profile-2.35-1.1 openSUSE Tumbleweed:nscd-2.35-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3998.html CVE-2021-3998 https://bugzilla.suse.com/1194620 SUSE Bug 1194620 A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corruption when the size of the buffer is exactly 1. A local attacker who can control the input buffer and size passed to getcwd() in a setuid program could use this flaw to potentially execute arbitrary code and escalate their privileges on the system. CVE-2021-3999 openSUSE Tumbleweed:glibc-2.35-1.1 openSUSE Tumbleweed:glibc-devel-2.35-1.1 openSUSE Tumbleweed:glibc-devel-static-2.35-1.1 openSUSE Tumbleweed:glibc-extra-2.35-1.1 openSUSE Tumbleweed:glibc-html-2.35-1.1 openSUSE Tumbleweed:glibc-i18ndata-2.35-1.1 openSUSE Tumbleweed:glibc-info-2.35-1.1 openSUSE Tumbleweed:glibc-lang-2.35-1.1 openSUSE Tumbleweed:glibc-locale-2.35-1.1 openSUSE Tumbleweed:glibc-locale-base-2.35-1.1 openSUSE Tumbleweed:glibc-profile-2.35-1.1 openSUSE Tumbleweed:nscd-2.35-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-3999.html CVE-2021-3999 https://bugzilla.suse.com/1194640 SUSE Bug 1194640 https://bugzilla.suse.com/1196024 SUSE Bug 1196024 https://bugzilla.suse.com/1196389 SUSE Bug 1196389 https://bugzilla.suse.com/1199869 SUSE Bug 1199869 https://bugzilla.suse.com/1200203 SUSE Bug 1200203 The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. CVE-2022-23218 openSUSE Tumbleweed:glibc-2.35-1.1 openSUSE Tumbleweed:glibc-devel-2.35-1.1 openSUSE Tumbleweed:glibc-devel-static-2.35-1.1 openSUSE Tumbleweed:glibc-extra-2.35-1.1 openSUSE Tumbleweed:glibc-html-2.35-1.1 openSUSE Tumbleweed:glibc-i18ndata-2.35-1.1 openSUSE Tumbleweed:glibc-info-2.35-1.1 openSUSE Tumbleweed:glibc-lang-2.35-1.1 openSUSE Tumbleweed:glibc-locale-2.35-1.1 openSUSE Tumbleweed:glibc-locale-base-2.35-1.1 openSUSE Tumbleweed:glibc-profile-2.35-1.1 openSUSE Tumbleweed:nscd-2.35-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23218.html CVE-2022-23218 https://bugzilla.suse.com/1194770 SUSE Bug 1194770 https://bugzilla.suse.com/1199869 SUSE Bug 1199869 https://bugzilla.suse.com/1200036 SUSE Bug 1200036 The deprecated compatibility function clnt_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its hostname argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or (if an application is not built with a stack protector enabled) arbitrary code execution. CVE-2022-23219 openSUSE Tumbleweed:glibc-2.35-1.1 openSUSE Tumbleweed:glibc-devel-2.35-1.1 openSUSE Tumbleweed:glibc-devel-static-2.35-1.1 openSUSE Tumbleweed:glibc-extra-2.35-1.1 openSUSE Tumbleweed:glibc-html-2.35-1.1 openSUSE Tumbleweed:glibc-i18ndata-2.35-1.1 openSUSE Tumbleweed:glibc-info-2.35-1.1 openSUSE Tumbleweed:glibc-lang-2.35-1.1 openSUSE Tumbleweed:glibc-locale-2.35-1.1 openSUSE Tumbleweed:glibc-locale-base-2.35-1.1 openSUSE Tumbleweed:glibc-profile-2.35-1.1 openSUSE Tumbleweed:nscd-2.35-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-23219.html CVE-2022-23219 https://bugzilla.suse.com/1194768 SUSE Bug 1194768 https://bugzilla.suse.com/1199869 SUSE Bug 1199869 https://bugzilla.suse.com/1200036 SUSE Bug 1200036