glibc-2.39-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13647 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.39-1.2 on GA media These are all security issues fixed in the glibc-2.39-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13647 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13647 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2023-6246/ SUSE CVE CVE-2023-6246 page openSUSE Tumbleweed glibc-2.39-1.2 glibc-devel-2.39-1.2 glibc-devel-static-2.39-1.2 glibc-extra-2.39-1.2 glibc-html-2.39-1.2 glibc-i18ndata-2.39-1.2 glibc-info-2.39-1.2 glibc-lang-2.39-1.2 glibc-locale-2.39-1.2 glibc-locale-base-2.39-1.2 glibc-profile-2.39-1.2 libnsl1-2.39-1.2 nscd-2.39-1.2 glibc-2.39-1.2 as a component of openSUSE Tumbleweed glibc-devel-2.39-1.2 as a component of openSUSE Tumbleweed glibc-devel-static-2.39-1.2 as a component of openSUSE Tumbleweed glibc-extra-2.39-1.2 as a component of openSUSE Tumbleweed glibc-html-2.39-1.2 as a component of openSUSE Tumbleweed glibc-i18ndata-2.39-1.2 as a component of openSUSE Tumbleweed glibc-info-2.39-1.2 as a component of openSUSE Tumbleweed glibc-lang-2.39-1.2 as a component of openSUSE Tumbleweed glibc-locale-2.39-1.2 as a component of openSUSE Tumbleweed glibc-locale-base-2.39-1.2 as a component of openSUSE Tumbleweed glibc-profile-2.39-1.2 as a component of openSUSE Tumbleweed libnsl1-2.39-1.2 as a component of openSUSE Tumbleweed nscd-2.39-1.2 as a component of openSUSE Tumbleweed A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. CVE-2023-6246 openSUSE Tumbleweed:glibc-2.39-1.2 openSUSE Tumbleweed:glibc-devel-2.39-1.2 openSUSE Tumbleweed:glibc-devel-static-2.39-1.2 openSUSE Tumbleweed:glibc-extra-2.39-1.2 openSUSE Tumbleweed:glibc-html-2.39-1.2 openSUSE Tumbleweed:glibc-i18ndata-2.39-1.2 openSUSE Tumbleweed:glibc-info-2.39-1.2 openSUSE Tumbleweed:glibc-lang-2.39-1.2 openSUSE Tumbleweed:glibc-locale-2.39-1.2 openSUSE Tumbleweed:glibc-locale-base-2.39-1.2 openSUSE Tumbleweed:glibc-profile-2.39-1.2 openSUSE Tumbleweed:libnsl1-2.39-1.2 openSUSE Tumbleweed:nscd-2.39-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2023-6246.html CVE-2023-6246 https://bugzilla.suse.com/1218863 SUSE Bug 1218863