Security update for glibc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1728-1 Final 1 1 2024-05-21T14:34:54Z current 2024-05-21T14:34:54Z 2024-05-21T14:34:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1728,SUSE-SLE-SERVER-11-SP4-LTSS-EXTREME-CORE-2024-1728 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241728-1/ Link for SUSE-SU-2024:1728-1 https://lists.suse.com/pipermail/sle-updates/2024-May/035325.html E-Mail link for SUSE-SU-2024:1728-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1222992 SUSE Bug 1222992 https://www.suse.com/security/cve/CVE-2024-2961/ SUSE CVE CVE-2024-2961 page SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-2.11.3-17.110.52.1 glibc-32bit-2.11.3-17.110.52.1 glibc-64bit-2.11.3-17.110.52.1 glibc-devel-2.11.3-17.110.52.1 glibc-devel-32bit-2.11.3-17.110.52.1 glibc-devel-64bit-2.11.3-17.110.52.1 glibc-html-2.11.3-17.110.52.1 glibc-i18ndata-2.11.3-17.110.52.1 glibc-info-2.11.3-17.110.52.1 glibc-locale-2.11.3-17.110.52.1 glibc-locale-32bit-2.11.3-17.110.52.1 glibc-locale-64bit-2.11.3-17.110.52.1 glibc-locale-x86-2.11.3-17.110.52.1 glibc-obsolete-2.11.3-17.110.52.1 glibc-profile-2.11.3-17.110.52.1 glibc-profile-32bit-2.11.3-17.110.52.1 glibc-profile-64bit-2.11.3-17.110.52.1 glibc-profile-x86-2.11.3-17.110.52.1 glibc-x86-2.11.3-17.110.52.1 nscd-2.11.3-17.110.52.1 glibc-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-32bit-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-devel-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-devel-32bit-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-html-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-i18ndata-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-info-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-locale-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-locale-32bit-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-profile-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE glibc-profile-32bit-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE nscd-2.11.3-17.110.52.1 as a component of SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-32bit-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-devel-32bit-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-html-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-i18ndata-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-info-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-locale-32bit-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:glibc-profile-32bit-2.11.3-17.110.52.1 SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE:nscd-2.11.3-17.110.52.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241728-1/ https://www.suse.com/security/cve/CVE-2024-2961.html CVE-2024-2961 https://bugzilla.suse.com/1222992 SUSE Bug 1222992 https://bugzilla.suse.com/1223019 SUSE Bug 1223019