182 lines
8.0 KiB
JSON
182 lines
8.0 KiB
JSON
{
|
|
"Definition": [
|
|
{
|
|
"ID": "oval:org.altlinux.errata:def:20247263",
|
|
"Version": "oval:org.altlinux.errata:def:20247263",
|
|
"Class": "patch",
|
|
"Metadata": {
|
|
"Title": "ALT-PU-2024-7263: package `glibc` update to version 2.38.0.76.e9f05fa1c6-alt1",
|
|
"AffectedList": [
|
|
{
|
|
"Family": "unix",
|
|
"Platforms": [
|
|
"ALT Linux branch p11"
|
|
],
|
|
"Products": [
|
|
"ALT Container"
|
|
]
|
|
}
|
|
],
|
|
"References": [
|
|
{
|
|
"RefID": "ALT-PU-2024-7263",
|
|
"RefURL": "https://errata.altlinux.org/ALT-PU-2024-7263",
|
|
"Source": "ALTPU"
|
|
},
|
|
{
|
|
"RefID": "CVE-2024-33599",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-33599",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2024-33600",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2024-33601",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601",
|
|
"Source": "CVE"
|
|
},
|
|
{
|
|
"RefID": "CVE-2024-33602",
|
|
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602",
|
|
"Source": "CVE"
|
|
}
|
|
],
|
|
"Description": "This update upgrades glibc to version 2.38.0.76.e9f05fa1c6-alt1. \nSecurity Fix(es):\n\n * CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache\n\nIf the Name Service Cache Daemon's (nscd) fixed size cache is exhausted\nby client requests then a subsequent client request for netgroup data\nmay result in a stack-based buffer overflow. This flaw was introduced\nin glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n\n * CVE-2024-33600: nscd: Null pointer crashes after notfound response\n\nIf the Name Service Cache Daemon's (nscd) cache fails to add a not-found\nnetgroup response to the cache, the client request can result in a null\npointer dereference. This flaw was introduced in glibc 2.15 when the\ncache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n\n\n * CVE-2024-33601: nscd: netgroup cache may terminate daemon on memory allocation failure\n\nThe Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or\nxrealloc and these functions may terminate the process due to a memory\nallocation failure resulting in a denial of service to the clients. The\nflaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n\n\n * CVE-2024-33602: nscd: netgroup cache assumes NSS callback uses in-buffer strings\n\nThe Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory\nwhen the NSS callback does not store all strings in the provided buffer.\nThe flaw was introduced in glibc 2.15 when the cache was added to nscd.\n\nThis vulnerability is only present in the nscd binary.\n\n",
|
|
"Advisory": {
|
|
"From": "errata.altlinux.org",
|
|
"Severity": "Low",
|
|
"Rights": "Copyright 2024 BaseALT Ltd.",
|
|
"Issued": {
|
|
"Date": "2024-04-29"
|
|
},
|
|
"Updated": {
|
|
"Date": "2024-04-29"
|
|
},
|
|
"BDUs": null,
|
|
"CVEs": [
|
|
{
|
|
"ID": "CVE-2024-33599",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-33599",
|
|
"Impact": "None",
|
|
"Public": "20240506"
|
|
},
|
|
{
|
|
"ID": "CVE-2024-33600",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-33600",
|
|
"Impact": "None",
|
|
"Public": "20240506"
|
|
},
|
|
{
|
|
"ID": "CVE-2024-33601",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-33601",
|
|
"Impact": "None",
|
|
"Public": "20240506"
|
|
},
|
|
{
|
|
"ID": "CVE-2024-33602",
|
|
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2024-33602",
|
|
"Impact": "None",
|
|
"Public": "20240506"
|
|
}
|
|
],
|
|
"AffectedCPEs": {
|
|
"CPEs": [
|
|
"cpe:/o:alt:container:11"
|
|
]
|
|
}
|
|
}
|
|
},
|
|
"Criteria": {
|
|
"Operator": "AND",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:3001",
|
|
"Comment": "ALT Linux must be installed"
|
|
}
|
|
],
|
|
"Criterias": [
|
|
{
|
|
"Operator": "OR",
|
|
"Criterions": [
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263001",
|
|
"Comment": "glibc is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263002",
|
|
"Comment": "glibc-core is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263003",
|
|
"Comment": "glibc-debug is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263004",
|
|
"Comment": "glibc-devel is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263005",
|
|
"Comment": "glibc-devel-static is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263006",
|
|
"Comment": "glibc-doc is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263007",
|
|
"Comment": "glibc-gconv-modules is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263008",
|
|
"Comment": "glibc-i18ndata is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263009",
|
|
"Comment": "glibc-locales is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263010",
|
|
"Comment": "glibc-nss is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263011",
|
|
"Comment": "glibc-preinstall is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263012",
|
|
"Comment": "glibc-pthread is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263013",
|
|
"Comment": "glibc-source is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263014",
|
|
"Comment": "glibc-timezones is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263015",
|
|
"Comment": "glibc-utils is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263016",
|
|
"Comment": "iconv is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263017",
|
|
"Comment": "libnsl1 is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
},
|
|
{
|
|
"TestRef": "oval:org.altlinux.errata:tst:20247263018",
|
|
"Comment": "nscd is earlier than 6:2.38.0.76.e9f05fa1c6-alt1"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
} |