Security update for glibc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20038-1 Final 1 1 2025-02-03T08:53:19Z current 2025-02-03T08:53:19Z 2025-02-03T08:53:19Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: Fixed security issues: - CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424) - CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425) - CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992) Fixed non-security issues: - Add workaround for invalid use of libc_nonshared.a with non-SUSE libc (bsc#1221482) - Fix segfault in wcsncmp (bsc#1228041) - Also include stat64 in the 32-bit libc_nonshared.a workaround (bsc#1221482) - Avoid creating ULP prologue for _start routine (bsc#1221940) - Also add libc_nonshared.a workaround to 32-bit x86 compat package (bsc#1221482) - malloc: Use __get_nprocs on arena_get2 - linux: Use rseq area unconditionally in sched_getcpu The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-32 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520038-1/ Link for SUSE-SU-2025:20038-1 https://lists.suse.com/pipermail/sle-security-updates/2025-June/021353.html E-Mail link for SUSE-SU-2025:20038-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1221482 SUSE Bug 1221482 https://bugzilla.suse.com/1221940 SUSE Bug 1221940 https://bugzilla.suse.com/1222992 SUSE Bug 1222992 https://bugzilla.suse.com/1223423 SUSE Bug 1223423 https://bugzilla.suse.com/1223424 SUSE Bug 1223424 https://bugzilla.suse.com/1223425 SUSE Bug 1223425 https://bugzilla.suse.com/1228041 SUSE Bug 1228041 https://www.suse.com/security/cve/CVE-2024-2961/ SUSE CVE CVE-2024-2961 page https://www.suse.com/security/cve/CVE-2024-33599/ SUSE CVE CVE-2024-33599 page https://www.suse.com/security/cve/CVE-2024-33600/ SUSE CVE CVE-2024-33600 page https://www.suse.com/security/cve/CVE-2024-33601/ SUSE CVE CVE-2024-33601 page https://www.suse.com/security/cve/CVE-2024-33602/ SUSE CVE CVE-2024-33602 page SUSE Linux Micro 6.0 glibc-2.38-7.1 glibc-devel-2.38-7.1 glibc-locale-2.38-7.1 glibc-locale-base-2.38-7.1 glibc-2.38-7.1 as a component of SUSE Linux Micro 6.0 glibc-devel-2.38-7.1 as a component of SUSE Linux Micro 6.0 glibc-locale-2.38-7.1 as a component of SUSE Linux Micro 6.0 glibc-locale-base-2.38-7.1 as a component of SUSE Linux Micro 6.0 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. CVE-2024-2961 SUSE Linux Micro 6.0:glibc-2.38-7.1 SUSE Linux Micro 6.0:glibc-devel-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-base-2.38-7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520038-1/ https://www.suse.com/security/cve/CVE-2024-2961.html CVE-2024-2961 https://bugzilla.suse.com/1222992 SUSE Bug 1222992 https://bugzilla.suse.com/1223019 SUSE Bug 1223019 nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33599 SUSE Linux Micro 6.0:glibc-2.38-7.1 SUSE Linux Micro 6.0:glibc-devel-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-base-2.38-7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520038-1/ https://www.suse.com/security/cve/CVE-2024-33599.html CVE-2024-33599 https://bugzilla.suse.com/1223423 SUSE Bug 1223423 https://bugzilla.suse.com/1223530 SUSE Bug 1223530 nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. This flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33600 SUSE Linux Micro 6.0:glibc-2.38-7.1 SUSE Linux Micro 6.0:glibc-devel-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-base-2.38-7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520038-1/ https://www.suse.com/security/cve/CVE-2024-33600.html CVE-2024-33600 https://bugzilla.suse.com/1222992 SUSE Bug 1222992 https://bugzilla.suse.com/1223424 SUSE Bug 1223424 https://bugzilla.suse.com/1223589 SUSE Bug 1223589 nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33601 SUSE Linux Micro 6.0:glibc-2.38-7.1 SUSE Linux Micro 6.0:glibc-devel-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-base-2.38-7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520038-1/ https://www.suse.com/security/cve/CVE-2024-33601.html CVE-2024-33601 https://bugzilla.suse.com/1223426 SUSE Bug 1223426 nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. The flaw was introduced in glibc 2.15 when the cache was added to nscd. This vulnerability is only present in the nscd binary. CVE-2024-33602 SUSE Linux Micro 6.0:glibc-2.38-7.1 SUSE Linux Micro 6.0:glibc-devel-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-2.38-7.1 SUSE Linux Micro 6.0:glibc-locale-base-2.38-7.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520038-1/ https://www.suse.com/security/cve/CVE-2024-33602.html CVE-2024-33602 https://bugzilla.suse.com/1223425 SUSE Bug 1223425