glibc-2.38-6.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13388 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.38-6.1 on GA media These are all security issues fixed in the glibc-2.38-6.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13388 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13388 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-1751/ SUSE CVE CVE-2020-1751 page https://www.suse.com/security/cve/CVE-2021-35942/ SUSE CVE CVE-2021-35942 page https://www.suse.com/security/cve/CVE-2023-4813/ SUSE CVE CVE-2023-4813 page openSUSE Tumbleweed glibc-2.38-6.1 glibc-devel-2.38-6.1 glibc-devel-static-2.38-6.1 glibc-extra-2.38-6.1 glibc-html-2.38-6.1 glibc-i18ndata-2.38-6.1 glibc-info-2.38-6.1 glibc-lang-2.38-6.1 glibc-locale-2.38-6.1 glibc-locale-base-2.38-6.1 glibc-profile-2.38-6.1 nscd-2.38-6.1 glibc-2.38-6.1 as a component of openSUSE Tumbleweed glibc-devel-2.38-6.1 as a component of openSUSE Tumbleweed glibc-devel-static-2.38-6.1 as a component of openSUSE Tumbleweed glibc-extra-2.38-6.1 as a component of openSUSE Tumbleweed glibc-html-2.38-6.1 as a component of openSUSE Tumbleweed glibc-i18ndata-2.38-6.1 as a component of openSUSE Tumbleweed glibc-info-2.38-6.1 as a component of openSUSE Tumbleweed glibc-lang-2.38-6.1 as a component of openSUSE Tumbleweed glibc-locale-2.38-6.1 as a component of openSUSE Tumbleweed glibc-locale-base-2.38-6.1 as a component of openSUSE Tumbleweed glibc-profile-2.38-6.1 as a component of openSUSE Tumbleweed nscd-2.38-6.1 as a component of openSUSE Tumbleweed An out-of-bounds write vulnerability was found in glibc before 2.31 when handling signal trampolines on PowerPC. Specifically, the backtrace function did not properly check the array bounds when storing the frame address, resulting in a denial of service or potential code execution. The highest threat from this vulnerability is to system availability. CVE-2020-1751 openSUSE Tumbleweed:glibc-2.38-6.1 openSUSE Tumbleweed:glibc-devel-2.38-6.1 openSUSE Tumbleweed:glibc-devel-static-2.38-6.1 openSUSE Tumbleweed:glibc-extra-2.38-6.1 openSUSE Tumbleweed:glibc-html-2.38-6.1 openSUSE Tumbleweed:glibc-i18ndata-2.38-6.1 openSUSE Tumbleweed:glibc-info-2.38-6.1 openSUSE Tumbleweed:glibc-lang-2.38-6.1 openSUSE Tumbleweed:glibc-locale-2.38-6.1 openSUSE Tumbleweed:glibc-locale-base-2.38-6.1 openSUSE Tumbleweed:glibc-profile-2.38-6.1 openSUSE Tumbleweed:nscd-2.38-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-1751.html CVE-2020-1751 https://bugzilla.suse.com/1167630 SUSE Bug 1167630 The wordexp function in the GNU C Library (aka glibc) through 2.33 may crash or read arbitrary memory in parse_param (in posix/wordexp.c) when called with an untrusted, crafted pattern, potentially resulting in a denial of service or disclosure of information. This occurs because atoi was used but strtoul should have been used to ensure correct calculations. CVE-2021-35942 openSUSE Tumbleweed:glibc-2.38-6.1 openSUSE Tumbleweed:glibc-devel-2.38-6.1 openSUSE Tumbleweed:glibc-devel-static-2.38-6.1 openSUSE Tumbleweed:glibc-extra-2.38-6.1 openSUSE Tumbleweed:glibc-html-2.38-6.1 openSUSE Tumbleweed:glibc-i18ndata-2.38-6.1 openSUSE Tumbleweed:glibc-info-2.38-6.1 openSUSE Tumbleweed:glibc-lang-2.38-6.1 openSUSE Tumbleweed:glibc-locale-2.38-6.1 openSUSE Tumbleweed:glibc-locale-base-2.38-6.1 openSUSE Tumbleweed:glibc-profile-2.38-6.1 openSUSE Tumbleweed:nscd-2.38-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-35942.html CVE-2021-35942 https://bugzilla.suse.com/1187911 SUSE Bug 1187911 https://bugzilla.suse.com/1192788 SUSE Bug 1192788 A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. CVE-2023-4813 openSUSE Tumbleweed:glibc-2.38-6.1 openSUSE Tumbleweed:glibc-devel-2.38-6.1 openSUSE Tumbleweed:glibc-devel-static-2.38-6.1 openSUSE Tumbleweed:glibc-extra-2.38-6.1 openSUSE Tumbleweed:glibc-html-2.38-6.1 openSUSE Tumbleweed:glibc-i18ndata-2.38-6.1 openSUSE Tumbleweed:glibc-info-2.38-6.1 openSUSE Tumbleweed:glibc-lang-2.38-6.1 openSUSE Tumbleweed:glibc-locale-2.38-6.1 openSUSE Tumbleweed:glibc-locale-base-2.38-6.1 openSUSE Tumbleweed:glibc-profile-2.38-6.1 openSUSE Tumbleweed:nscd-2.38-6.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-4813.html CVE-2023-4813 https://bugzilla.suse.com/1215286 SUSE Bug 1215286