[SECURITY] [DLA 3850-1] glibc security update

To: [email protected]
Subject: [SECURITY] [DLA 3850-1] glibc security update
From: Adrian Bunk <[email protected]>
Date: Sun, 30 Jun 2024 17:06:03 +0300
Message-id: <[🔎] ZoFmSz7cp23hPs0w@localhost>
Mail-followup-to: [email protected]
Reply-to: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3850-1                [email protected]
https://www.debian.org/lts/security/                          Adrian Bunk
June 30, 2024                                 https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : glibc
Version        : 2.28-10+deb10u4
CVE ID         : CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602

Multiple vulnerabilities have been fixed in the Name Service Cache Daemon
that is built by the GNU C library and shipped in the nscd binary package.

CVE-2024-33599

    nscd: Stack-based buffer overflow in netgroup cache

CVE-2024-33600

    nscd: Null pointer crashes after notfound response

CVE-2024-33601

    nscd: Daemon may terminate on memory allocation failure

CVE-2024-33602

    nscd: Possible memory corruption

For Debian 10 buster, these problems have been fixed in version
2.28-10+deb10u4.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEOvp1f6xuoR0v9F3wiNJCh6LYmLEFAmaBZksACgkQiNJCh6LY
mLFKQw//V2MGxuX6AE5Fg9kFzjU4ZlGAFBdiXDwQIK33HmR5fLAdVgNqGlDdJyOW
Kq4g9e9IZMMPK5vEXJHHtLP5hqMdbSJ7jXHqBforzD1SqYJx3w83bBSpQvBb3ILF
+3AsvQ3q/Fq0+76idZmB/uEr3PKoYAZaN5zGiA0eldqiM0vQVH3a8PNX6zIkm7IZ
aEPHm6t2+x2SoV0GZ5Mn6lkjGwxiwDhfy3/7JAPinZnTMzY6/ADKqN/L7ttsdP5c
MWlsF5ZNioPNAiimfZmdvxukJtCWrgklhMi55HqIFGCIMbojSIEMdJOItETZKKU6
61mVoMBAK4SYdquHvYt86LukSmImCxnSNG4Uk6OcBFr72VKHoR1YEJ9REiBxN2sV
+KdFpYLmglJEIWiBObFdlvtvPGYjatKu4aY1g96OpqJi5Jw/EgQlhJenVf3BJcz/
QrRCqAL2BCbGAR66YlcaCI/x+9c7YG03Si+AQWPrDGdXiTGVFnHXJTssD5Z++H/J
7obzZdXnwPOGNA7pG0bypeIRrnCY0Ma5iDzB3sRQrBSiPU9vtOVRdNOsGA4IjI5f
CV+kjvm83CAr27ZIYtNb795tLiuSMKLPN5Vw9BNo05nR291fti1sGsFhU7w2xGvI
Lz8/7JwD2Xhk2Dqi2qMR3zA2wTd7+ELyoezlhHlQcRBox7aA16Q=
=yPsb
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 3846-1] libmojolicious-perl security update
Next by Date: [SECURITY] [DLA 3851-1] gunicorn security update
Previous by thread: [SECURITY] [DLA 3846-1] libmojolicious-perl security update
Next by thread: [SECURITY] [DLA 3851-1] gunicorn security update
Index(es):
- Date
- Thread