From patchwork Thu May 2 01:58:49 2024
X-Patchwork-Submitter: Carlos O'Donell
X-Patchwork-Id: 1930521
From: Carlos O'Donell
To: libc-alpha@sourceware.org, Adhemerval Zanella, Siddhesh Poyarekar
Cc: Carlos O'Donell
Subject: [PATCH 1/2] Document CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
Date: Wed, 1 May 2024 21:58:49 -0400
Message-ID: <20240502020121.3267018-1-carlos@redhat.com>

This commit adds advisory data for the above CVE(s).
--- advisories/GLIBC-SA-2024-0005 | 22 ++++++++++++++++++++++ advisories/GLIBC-SA-2024-0006 | 28 ++++++++++++++++++++++++++++ advisories/GLIBC-SA-2024-0007 | 28 ++++++++++++++++++++++++++++ advisories/GLIBC-SA-2024-0008 | 26 ++++++++++++++++++++++++++ 4 files changed, 104 insertions(+) create mode 100644 advisories/GLIBC-SA-2024-0005 create mode 100644 advisories/GLIBC-SA-2024-0006 create mode 100644 advisories/GLIBC-SA-2024-0007 create mode 100644 advisories/GLIBC-SA-2024-0008 diff --git a/advisories/GLIBC-SA-2024-0005 b/advisories/GLIBC-SA-2024-0005 new file mode 100644 index 0000000000..9dc3ff8cf9 --- /dev/null +++ b/advisories/GLIBC-SA-2024-0005 
@@ -0,0 +1,22 @@ +nscd: Stack-based buffer overflow in netgroup cache + +If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted +by client requests then a subsequent client request for netgroup data +may result in a stack-based buffer overflow. This flaw was introduced +in glibc 2.15 when the cache was added to nscd. + +This vulnerability is only present the nscd binary. + +CVE-Id: CVE-2024-33599 +Public-Date: 2024-04-23 +Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) +Fix-Commit: 69c58d5ef9f584ea198bd00f7964d364d0e6b921 (2.31-155) +Fix-Commit: a77064893bfe8a701770e2f53a4d33805bc47a5a (2.32-141) +Fix-Commit: 5c75001a96abcd50cbdb74df24c3f013188d076e (2.33-264) +Fix-Commit: 52f73e5c4e29b14e79167272297977f360ae1e97 (2.34-460) +Fix-Commit: 7a95873543ce225376faf13bb71c43dea6d24f86 (2.35-316) +Fix-Commit: caa3151ca460bdd9330adeedd68c3112d97bffe4 (2.36-165) +Fix-Commit: f75c298e747b2b8b41b1c2f551c011a52c41bfd1 (2.37-91) +Fix-Commit: 5968aebb86164034b8f8421b4abab2f837a5bdaf (2.38-72) +Fix-Commit: 1263d583d2e28afb8be53f8d6922f0842036f35d (2.39-35) +Fix-Commit: 87801a8fd06db1d654eea3e4f7626ff476a9bdaa (2.40) diff --git a/advisories/GLIBC-SA-2024-0006 b/advisories/GLIBC-SA-2024-0006 new file mode 100644 index 0000000000..7fd0367e10 --- /dev/null +++ b/advisories/GLIBC-SA-2024-0006 
@@ -0,0 +1,28 @@ +nscd: Avoid null pointer crashes after notfound response + +If the Name Service Cache Daemon's (nscd) cache fails to add a not-found +netgroup response to the cache, the client request can result in a null +pointer dereference. This flaw was introduced in glibc 2.15 when the +cache was added to nscd. + +This vulnerability is only present in the nscd binary. + +This vulnerability was fixed across two commits; both commits are +required to correct the defect e.g. +7835b00dbce53c3c87bbbb1754a95fb5e58187aa and +b048a482f088e53144d26a61c390bed0210f49f2. Only the final commit in the +branch is listed in the fixed commit list. + +CVE-Id: CVE-2024-33600 +Public-Date: 2024-04-24 +Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) +Fix-Commit: b048a482f088e53144d26a61c390bed0210f49f2 (2.40) +Fix-Commit: c99f886de54446cd4447db6b44be93dabbdc2f8b (2.39-37) +Fix-Commit: 2ae9446c1b7a3064743b4a51c0bbae668ee43e4c (2.38-74) +Fix-Commit: a8070b31043c7585c36ba68a74298c4f7af075c3 (2.37-93) +Fix-Commit: f205b3af56740e3b014915b1bd3b162afe3407ef (2.36-167) +Fix-Commit: bafadc589fbe21ae330e8c2af74db9da44a17660 (2.35-318) +Fix-Commit: 1f94122289a9bf7dba573f5d60327aaa2b85cf2e (2.34-462) +Fix-Commit: e3eef1b8fbdd3a7917af466ca9c4b7477251ca79 (2.33-266) +Fix-Commit: be602180146de37582a3da3a0caa4b719645de9c (2.32-143) +Fix-Commit: 8d7949183760170c61e55def723c1d8050187874 (2.31-157) diff --git a/advisories/GLIBC-SA-2024-0007 b/advisories/GLIBC-SA-2024-0007 new file mode 100644 index 0000000000..d4f5d4298c --- /dev/null +++ b/advisories/GLIBC-SA-2024-0007 
@@ -0,0 +1,28 @@ +nscd: netgroup cache may terminate daemon on memory allocation failure + +The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or +xrealloc and these functions may terminate the process due to a memory +allocation failure resulting in a denial of service to the clients. The +flaw was introduced in glibc 2.15 when the cache was added to nscd. + +This vulnerability is only present the nscd binary. + +Subsequent refactoring of the netgroup cache only added more uses of +xmalloc and xrealloc. Uses of xmalloc and xrealloc in other parts of +nscd only occur during startup of the daemon and so are not affected by +client requests that could trigger an out of memory followed by +termination. + +CVE-Id: CVE-2024-33601 +Public-Date: 2024-04-24 +Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) +Fix-Commit: c04a21e050d64a1193a6daab872bca2528bda44b (2.40) +Fix-Commit: a9a8d3eebb145779a18d90e3966009a1daa63cd8 (2.39-38) +Fix-Commit: 71af8ca864345d39b746d5cee84b94b430fad5db (2.38-75) +Fix-Commit: 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f (2.37-94) +Fix-Commit: b6742463694b1dfdd5120b91ee21cf05d15ec2e2 (2.36-168) +Fix-Commit: 7a5864cac60e06000394128a5a2817b03542f5a3 (2.35-319) +Fix-Commit: 86f1d5f4129c373ac6fb6df5bcf38273838843cb (2.34-463) +Fix-Commit: 4d27d4b9a188786fc6a56745506cec2acfc51f83 (2.33-267) +Fix-Commit: 3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (2.32-144) +Fix-Commit: bbf5a58ccb55679217f94de706164d15372fbbc0 (2.31-158) diff --git a/advisories/GLIBC-SA-2024-0008 b/advisories/GLIBC-SA-2024-0008 new file mode 100644 index 0000000000..60c0187b76 --- /dev/null +++ b/advisories/GLIBC-SA-2024-0008 
@@ -0,0 +1,26 @@ +nscd: netgroup cache assumes NSS callback uses in-buffer strings + +The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory +when the NSS callback does not store all strings in the provided buffer. +The flaw was introduced in glibc 2.15 when the cache was added to nscd. + +This vulnerability is only present the nscd binary. + +There is no guarantee from the NSS callback API that the returned +strings are all within the buffer. However, the netgroup cache code +assumes that the NSS callback uses in-buffer strings and if it doesn't +the buffer resizing logic could lead to potential memory corruption. + +CVE-Id: CVE-2024-33602 +Public-Date: 2024-04-24 +Vulnerable-Commit: 684ae515993269277448150a1ca70db3b94aa5bd (2.15) +Fix-Commit: c04a21e050d64a1193a6daab872bca2528bda44b (2.40) +Fix-Commit: a9a8d3eebb145779a18d90e3966009a1daa63cd8 (2.39-38) +Fix-Commit: 71af8ca864345d39b746d5cee84b94b430fad5db (2.38-75) +Fix-Commit: 6e106dc214d6a033a4e945d1c6cf58061f1c5f1f (2.37-94) +Fix-Commit: b6742463694b1dfdd5120b91ee21cf05d15ec2e2 (2.36-168) +Fix-Commit: 7a5864cac60e06000394128a5a2817b03542f5a3 (2.35-319) +Fix-Commit: 86f1d5f4129c373ac6fb6df5bcf38273838843cb (2.34-463) +Fix-Commit: 4d27d4b9a188786fc6a56745506cec2acfc51f83 (2.33-267) +Fix-Commit: 3ed195a8ec89da281e3c4bf887a13d281b72d8f4 (2.32-144) +Fix-Commit: bbf5a58ccb55679217f94de706164d15372fbbc0 (2.31-158) From patchwork Thu May 2 01:58:50 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Carlos O'Donell X-Patchwork-Id: 1930522 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@legolas.ozlabs.org Authentication-Results: legolas.ozlabs.org; dkim=pass (1024-bit key; unprotected) header.d=redhat.com header.i=@redhat.com header.a=rsa-sha256 header.s=mimecast20190719 header.b=OOVs25al; dkim-atps=neutral Authentication-Results: legolas.ozlabs.org; spf=pass (sender SPF authorized) 
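Review bot: In advisories/GLIBC-SA-2024-0005, the sentence "This vulnerability is only present the nscd binary." is missing "in"; GLIBC-SA-2024-0006 has the intended wording. The Fix-Commit list in this file also runs from the oldest branch to the newest (2.31-155 first, 2.40 last), while 0006, 0007 and 0008 run newest first (2.40 first, 2.31-15x last); use one order in all four files so readers and any tooling that parses them can rely on it. The Public-Date here is 2024-04-23 and the other three files say 2024-04-24, so it is worth confirming that the difference is intended.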
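Review bot: In advisories/GLIBC-SA-2024-0006, "required to correct the defect e.g. 7835b00dbce53c3c87bbbb1754a95fb5e58187aa and b048a482f088e53144d26a61c390bed0210f49f2" should read "i.e." or "namely", because the text names the two specific commits rather than giving examples. Since only the final commit per branch appears under Fix-Commit, someone backporting from that list to a release branch gets half of the fix; say explicitly that the commit preceding each listed one is also required, or list both per branch. The title "Avoid null pointer crashes after notfound response" reads like the subject of the fix commit, whereas the other three titles describe the flaw.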
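Review bot: In advisories/GLIBC-SA-2024-0007, "This vulnerability is only present the nscd binary." is missing "in". The ten Fix-Commit entries (c04a21e050d6... for 2.40 through bbf5a58ccb55... for 2.31-158) are identical to those in GLIBC-SA-2024-0008, and nothing in either file says so; one sentence stating that the same change resolves both CVE-2024-33601 and CVE-2024-33602 would keep the duplicate list from looking like a copy-and-paste slip.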
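Review bot: In advisories/GLIBC-SA-2024-0008, "This vulnerability is only present the nscd binary." is missing "in", and the last paragraph's "could lead to potential memory corruption" hedges twice where the first paragraph already says the cache "can corrupt memory"; use the same plain wording in both places so the severity reads consistently.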
From: Carlos O'Donell
To: libc-alpha@sourceware.org, Adhemerval Zanella, Siddhesh Poyarekar
Cc: Carlos O'Donell
Subject: [PATCH 2/2] NEWS: Add advisories.
Date: Wed, 1 May 2024 21:58:50 -0400
Message-ID: <20240502020121.3267018-2-carlos@redhat.com>
In-Reply-To: <20240502020121.3267018-1-carlos@redhat.com>
References: <20240502020121.3267018-1-carlos@redhat.com>

GLIBC-SA-2024-0004: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961)
GLIBC-SA-2024-0005: nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
GLIBC-SA-2024-0006: nscd: Avoid null pointer crashes after notfound response (CVE-2024-33600)
GLIBC-SA-2024-0007: nscd: netgroup cache may terminate daemon on memory allocation failure (CVE-2024-33601)
GLIBC-SA-2024-0008: nscd: netgroup cache assumes NSS callback uses in-buffer strings (CVE-2024-33602)

Reviewed-by: Siddhesh Poyarekar
--- NEWS | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/NEWS b/NEWS index cf6078cf20..fbec7ec6f2 100644 --- a/NEWS +++ b/NEWS 
@@ -177,6 +177,25 @@ found in the advisories directory of the release tarball: GLIBC-SA-2024-0003: syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780) + GLIBC-SA-2024-0004: + ISO-2022-CN-EXT: fix out-of-bound writes when writing escape + sequence (CVE-2024-2961) + + GLIBC-SA-2024-0005: + nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599) + + GLIBC-SA-2024-0006: + nscd: Avoid null pointer crashes after notfound response + (CVE-2024-33600) + + GLIBC-SA-2024-0007: + nscd: netgroup cache may terminate daemon on memory allocation + failure (CVE-2024-33601) + + GLIBC-SA-2024-0008: + nscd: netgroup cache assumes NSS callback uses in-buffer strings + (CVE-2024-33602) + The following bugs are resolved with this release: [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird
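Review bot: The first added entry, GLIBC-SA-2024-0004 (CVE-2024-2961), has no counterpart in patch 1/2, which creates only advisories/GLIBC-SA-2024-0005 through advisories/GLIBC-SA-2024-0008. The context line says the advisories are "found in the advisories directory of the release tarball", so confirm that advisories/GLIBC-SA-2024-0004 is already in the tree before this lands; otherwise NEWS will point at a file that is not shipped. The GLIBC-SA-2024-0006 entry copies the advisory title "Avoid null pointer crashes after notfound response", which names the fix rather than the flaw, so any retitling of that advisory needs the same change here.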