Security update for glibc-livepatches SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2024:1805-1 Final 1 1 2024-05-28T16:26:57Z current 2024-05-28T16:26:57Z 2024-05-28T16:26:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc-livepatches This update for glibc-livepatches fixes the following issues: - CVE-2024-2961: Fixed that the iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set (bsc#1223019). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2024-1805,SUSE-SLE-Module-Live-Patching-15-SP4-2024-1805,SUSE-SLE-Module-Live-Patching-15-SP5-2024-1805 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2024/suse-su-20241805-1/ Link for SUSE-SU-2024:1805-1 https://lists.suse.com/pipermail/sle-security-updates/2024-May/018610.html E-Mail link for SUSE-SU-2024:1805-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1223019 SUSE Bug 1223019 https://www.suse.com/security/cve/CVE-2024-2961/ SUSE CVE CVE-2024-2961 page SUSE Linux Enterprise Live Patching 15 SP4 SUSE Linux Enterprise Live Patching 15 SP5 glibc-livepatches-0.1-150400.3.3.1 glibc-livepatches-0.1-150400.3.3.1 as a component of SUSE Linux Enterprise Live Patching 15 SP4 glibc-livepatches-0.1-150400.3.3.1 as a component of SUSE Linux Enterprise Live Patching 15 SP5 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961 SUSE Linux Enterprise Live Patching 15 SP4:glibc-livepatches-0.1-150400.3.3.1 SUSE Linux Enterprise Live Patching 15 SP5:glibc-livepatches-0.1-150400.3.3.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2024/suse-su-20241805-1/ https://www.suse.com/security/cve/CVE-2024-2961.html CVE-2024-2961 https://bugzilla.suse.com/1222992 SUSE Bug 1222992 https://bugzilla.suse.com/1223019 SUSE Bug 1223019