glibc-2.39-7.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:13991 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.39-7.1 on GA media These are all security issues fixed in the glibc-2.39-7.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-13991 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:13991 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-33600/ SUSE CVE CVE-2024-33600 page https://www.suse.com/security/cve/CVE-2024-33601/ SUSE CVE CVE-2024-33601 page https://www.suse.com/security/cve/CVE-2024-33602/ SUSE CVE CVE-2024-33602 page openSUSE Tumbleweed glibc-2.39-7.1 glibc-devel-2.39-7.1 glibc-devel-static-2.39-7.1 glibc-extra-2.39-7.1 glibc-html-2.39-7.1 glibc-i18ndata-2.39-7.1 glibc-info-2.39-7.1 glibc-lang-2.39-7.1 glibc-locale-2.39-7.1 glibc-locale-base-2.39-7.1 glibc-profile-2.39-7.1 libnsl1-2.39-7.1 nscd-2.39-7.1 glibc-2.39-7.1 as a component of openSUSE Tumbleweed glibc-devel-2.39-7.1 as a component of openSUSE Tumbleweed glibc-devel-static-2.39-7.1 as a component of openSUSE Tumbleweed glibc-extra-2.39-7.1 as a component of openSUSE Tumbleweed glibc-html-2.39-7.1 as a component of openSUSE Tumbleweed glibc-i18ndata-2.39-7.1 as a component of openSUSE Tumbleweed glibc-info-2.39-7.1 as a component of openSUSE Tumbleweed glibc-lang-2.39-7.1 as a component of openSUSE Tumbleweed glibc-locale-2.39-7.1 as a component of openSUSE Tumbleweed glibc-locale-base-2.39-7.1 as a component of openSUSE Tumbleweed glibc-profile-2.39-7.1 as a component of openSUSE Tumbleweed libnsl1-2.39-7.1 as a component of openSUSE Tumbleweed nscd-2.39-7.1 as a component of openSUSE Tumbleweed nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33600 openSUSE Tumbleweed:glibc-2.39-7.1 openSUSE Tumbleweed:glibc-devel-2.39-7.1 openSUSE Tumbleweed:glibc-devel-static-2.39-7.1 openSUSE Tumbleweed:glibc-extra-2.39-7.1 openSUSE Tumbleweed:glibc-html-2.39-7.1 openSUSE Tumbleweed:glibc-i18ndata-2.39-7.1 openSUSE Tumbleweed:glibc-info-2.39-7.1 openSUSE Tumbleweed:glibc-lang-2.39-7.1 openSUSE Tumbleweed:glibc-locale-2.39-7.1 openSUSE Tumbleweed:glibc-locale-base-2.39-7.1 openSUSE Tumbleweed:glibc-profile-2.39-7.1 openSUSE Tumbleweed:libnsl1-2.39-7.1 openSUSE Tumbleweed:nscd-2.39-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-33600.html CVE-2024-33600 https://bugzilla.suse.com/1223424 SUSE Bug 1223424 https://bugzilla.suse.com/1223589 SUSE Bug 1223589 nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33601 openSUSE Tumbleweed:glibc-2.39-7.1 openSUSE Tumbleweed:glibc-devel-2.39-7.1 openSUSE Tumbleweed:glibc-devel-static-2.39-7.1 openSUSE Tumbleweed:glibc-extra-2.39-7.1 openSUSE Tumbleweed:glibc-html-2.39-7.1 openSUSE Tumbleweed:glibc-i18ndata-2.39-7.1 openSUSE Tumbleweed:glibc-info-2.39-7.1 openSUSE Tumbleweed:glibc-lang-2.39-7.1 openSUSE Tumbleweed:glibc-locale-2.39-7.1 openSUSE Tumbleweed:glibc-locale-base-2.39-7.1 openSUSE Tumbleweed:glibc-profile-2.39-7.1 openSUSE Tumbleweed:libnsl1-2.39-7.1 openSUSE Tumbleweed:nscd-2.39-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-33601.html CVE-2024-33601 https://bugzilla.suse.com/1223426 SUSE Bug 1223426 nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33602 openSUSE Tumbleweed:glibc-2.39-7.1 openSUSE Tumbleweed:glibc-devel-2.39-7.1 openSUSE Tumbleweed:glibc-devel-static-2.39-7.1 openSUSE Tumbleweed:glibc-extra-2.39-7.1 openSUSE Tumbleweed:glibc-html-2.39-7.1 openSUSE Tumbleweed:glibc-i18ndata-2.39-7.1 openSUSE Tumbleweed:glibc-info-2.39-7.1 openSUSE Tumbleweed:glibc-lang-2.39-7.1 openSUSE Tumbleweed:glibc-locale-2.39-7.1 openSUSE Tumbleweed:glibc-locale-base-2.39-7.1 openSUSE Tumbleweed:glibc-profile-2.39-7.1 openSUSE Tumbleweed:libnsl1-2.39-7.1 openSUSE Tumbleweed:nscd-2.39-7.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-33602.html CVE-2024-33602 https://bugzilla.suse.com/1223425 SUSE Bug 1223425