glibc-2.38-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13123 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.38-1.1 on GA media These are all security issues fixed in the glibc-2.38-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13123 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13123 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-25139/ SUSE CVE CVE-2023-25139 page openSUSE Tumbleweed glibc-2.38-1.1 glibc-devel-2.38-1.1 glibc-devel-static-2.38-1.1 glibc-extra-2.38-1.1 glibc-html-2.38-1.1 glibc-i18ndata-2.38-1.1 glibc-info-2.38-1.1 glibc-lang-2.38-1.1 glibc-locale-2.38-1.1 glibc-locale-base-2.38-1.1 glibc-profile-2.38-1.1 nscd-2.38-1.1 glibc-2.38-1.1 as a component of openSUSE Tumbleweed glibc-devel-2.38-1.1 as a component of openSUSE Tumbleweed glibc-devel-static-2.38-1.1 as a component of openSUSE Tumbleweed glibc-extra-2.38-1.1 as a component of openSUSE Tumbleweed glibc-html-2.38-1.1 as a component of openSUSE Tumbleweed glibc-i18ndata-2.38-1.1 as a component of openSUSE Tumbleweed glibc-info-2.38-1.1 as a component of openSUSE Tumbleweed glibc-lang-2.38-1.1 as a component of openSUSE Tumbleweed glibc-locale-2.38-1.1 as a component of openSUSE Tumbleweed glibc-locale-base-2.38-1.1 as a component of openSUSE Tumbleweed glibc-profile-2.38-1.1 as a component of openSUSE Tumbleweed nscd-2.38-1.1 as a component of openSUSE Tumbleweed sprintf in the GNU C Library (glibc) 2.37 has a buffer overflow (out-of-bounds write) in some situations with a correct buffer size. This is unrelated to CWE-676. It may write beyond the bounds of the destination buffer when attempting to write a padded, thousands-separated string representation of a number, if the buffer is allocated the exact size required to represent that number as a string. For example, 1,234,567 (with padding to 13) overflows by two bytes. CVE-2023-25139 openSUSE Tumbleweed:glibc-2.38-1.1 openSUSE Tumbleweed:glibc-devel-2.38-1.1 openSUSE Tumbleweed:glibc-devel-static-2.38-1.1 openSUSE Tumbleweed:glibc-extra-2.38-1.1 openSUSE Tumbleweed:glibc-html-2.38-1.1 openSUSE Tumbleweed:glibc-i18ndata-2.38-1.1 openSUSE Tumbleweed:glibc-info-2.38-1.1 openSUSE Tumbleweed:glibc-lang-2.38-1.1 openSUSE Tumbleweed:glibc-locale-2.38-1.1 openSUSE Tumbleweed:glibc-locale-base-2.38-1.1 openSUSE Tumbleweed:glibc-profile-2.38-1.1 openSUSE Tumbleweed:nscd-2.38-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-25139.html CVE-2023-25139 https://bugzilla.suse.com/1208189 SUSE Bug 1208189