update: glibc #1433

Closed
dongsupark opened this issue Apr 22, 2024 · 1 comment · Fixed by flatcar/scripts#1990
Labels: advisory (security advisory), security (security concerns)

Comments

dongsupark (Member) commented Apr 22, 2024

Name: glibc
CVEs: CVE-2024-2961, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
CVSSs: n/a, n/a, n/a, n/a, n/a
Action Needed: update to >= 2.38-r13

Summary:

  • CVE-2024-2961: The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable. ISO-2022-CN-EXT uses escape sequences to indicate character set changes (as specified by RFC 1922). While the SO designation has the expected bounds checks, neither SS2 designation nor SS3 designation have them, allowing a write overflow of 1, 2, or 3 bytes with fixed values: '$+I', '$+J', '$+K', '$+L', '$+M', or '$*H'.
  • CVE-2024-33599: netgroup cache: invalid memcpy under low memory/storage conditions.
    mempool_alloc fails and returns NULL. This is possible if posix_fallocate fails and the retry fails. This was detected by static code analysis. It will only happen in the case the database runs out of memory/storage while expanding the netgroup cache. The group entries overwrite other data on the stack after dataset_mem. The workaround is not to cache the netgroup if this is impacting the use of the application.
  • CVE-2024-33600: After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. In addinnetgrX, addgetnetgrentX may have produced a NULL result, indicating a not-found status, but this is not handled in the subsequent code that prepares the record that will be sent out to the client.
  • CVE-2024-33601: The netgroup cache uses xmalloc/xrealloc and may terminate the process due to a memory allocation failure.
  • CVE-2024-33602: The buffer-resizing code in addgetnetgrentX assumes that all string pointers point into the supplied buffer.

See also https://security.gentoo.org/glsa/202405-17.

refmap.gentoo:
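The "Action Needed" line states the fix threshold as a Gentoo-style package version (2.38-r13). The following script, added here as an example and not taken from this issue, the flatcar/scripts repository or the glibc project, checks whether an installed glibc version string meets that threshold. It assumes Portage-style version strings (dotted integer upstream components, optional "-rN" ebuild revision, missing revision treated as r0) and a package-list line format of the form "category/name-version"; pre-release suffixes such as "_rc1" are outside its scope, and the sample package-list lines are constructed.

```python
"""Version-threshold check for the glibc advisory above (added example).

Assumptions: Gentoo/Portage-style version strings as used in the advisory
("2.38-r13"): dotted integer upstream components, then an optional "-rN"
ebuild revision (absent revision = r0). Pre-release suffixes such as "_rc1"
or "_p1" are not handled. The package-list line format is assumed, not
taken from the advisory.
"""
import re
from typing import Dict, Iterable, Tuple

# Fix threshold quoted from the advisory's "Action Needed" line.
FIXED_VERSION = "2.38-r13"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(?:-r(\d+))?$")
# Portage-style atom without a leading "=": optional category, package name,
# then a hyphen followed by the version (which must start with a digit).
_ATOM_RE = re.compile(r"^(?:[^/\s]+/)?([A-Za-z0-9_+-]+?)-(\d[^\s]*)$")


def parse_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Split "2.38-r13" into ((2, 38), 13)."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    upstream = tuple(int(part) for part in m.group(1).split("."))
    revision = int(m.group(2) or 0)
    return upstream, revision


def compare(a: str, b: str) -> int:
    """Comparator returning -1, 0 or 1: upstream components first (as integer
    tuples), then the -rN revision."""
    ua, ra = parse_version(a)
    ub, rb = parse_version(b)
    if ua != ub:
        return -1 if ua < ub else 1
    if ra != rb:
        return -1 if ra < rb else 1
    return 0


def is_fixed(installed: str, fixed: str = FIXED_VERSION) -> bool:
    """True when `installed` meets the advisory threshold (>= fixed)."""
    return compare(installed, fixed) >= 0


def version_from_atom(atom: str) -> str:
    """Extract "2.38-r12" from "sys-libs/glibc-2.38-r12"."""
    m = _ATOM_RE.match(atom.strip())
    if not m:
        raise ValueError(f"unrecognised package atom: {atom!r}")
    return m.group(2)


def check_package_list(lines: Iterable[str]) -> Dict[str, bool]:
    """Map each glibc entry in a package list to whether it meets the
    threshold; non-glibc entries, blank lines and comments are skipped."""
    findings: Dict[str, bool] = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = _ATOM_RE.match(line)
        if not m or m.group(1) != "glibc":
            continue
        findings[line] = is_fixed(m.group(2))
    return findings


if __name__ == "__main__":
    # Constructed sample lines, not a real Flatcar package list.
    SAMPLE = ["sys-libs/glibc-2.38-r12", "sys-apps/coreutils-9.4"]
    for atom, ok in check_package_list(SAMPLE).items():
        state = "fixed" if ok else f"UPDATE NEEDED (< {FIXED_VERSION})"
        print(f"{atom}: {state}")
```

The comparison is against the distribution revision named in the advisory, so it only answers "is this Flatcar/Gentoo package at or past 2.38-r13"; it says nothing about an unpatched upstream build, which per the CVE-2024-2961 text is affected through 2.39.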

