| Summary: | glibc (nscd) new security issues CVE-2024-33599, CVE-2024-3360[0-2] | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Salguero <nicolas.salguero> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | andrewsfarm, brtians1, joselp, mageia, sysadmin-bugs |
| Version: | 9 | Keywords: | advisory, validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | MGA9-64-OK MGA9-32-OK | ||
| Source RPM: | glibc-2.36-53.mga9.src.rpm | CVE: | CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 |
| Status comment: | |||
|
Description
Nicolas Salguero
2024-05-07 09:34:58 CEST
Nicolas Salguero
2024-05-07 09:35:53 CEST
Status comment:
(none) =>
Patches available from upstream

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. (CVE-2024-33599)

Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. (CVE-2024-33600)

Netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. (CVE-2024-33601)

Netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. (CVE-2024-33602)

References:
https://www.openwall.com/lists/oss-security/2024/05/06/5
========================

Updated packages in core/updates_testing:
========================
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9
glibc-doc-2.36-54.mga9
glibc-i18ndata-2.36-54.mga9
glibc-profile-2.36-54.mga9
glibc-static-devel-2.36-54.mga9
glibc-utils-2.36-54.mga9
nscd-2.36-54.mga9

from SRPM:
glibc-2.36-54.mga9.src.rpm

Source RPM:
glibc-2.39-7.mga10.src.rpm, glibc-2.36-53.mga9.src.rpm =>
glibc-2.36-53.mga9.src.rpm

MGA9-64, GNOME, AMD Ryzen 5600, Nvidia 1050

The following 2 packages are going to be installed:

- glibc-2.36-54.mga9.x86_64
- glibc-devel-2.36-54.mga9.x86_64

-----
- Nvidia working

# lsmod | grep nvidia
nvidia_uvm 4857856 0
nvidia_drm 114688 8
drm_kms_helper 249856 1 nvidia_drm
nvidia_modeset 1359872 11 nvidia_drm
video 73728 1 nvidia_modeset
nvidia 54255616 201 nvidia_uvm,nvidia_modeset
drm 831488 12 drm_kms_helper,nvidia,nvidia_drm

- system behaving as expected.

I'm not sure why nscd is combined with this update. Not using it on this hardware.

CC:
(none) =>
brtians1

MGA9-64, AMD Ryzen 5 2600, Nvidia 1650 (550), GNOME

The following 3 packages are going to be installed:

- glibc-2.36-54.mga9.x86_64
- glibc-devel-2.36-54.mga9.x86_64
- nscd-2.36-54.mga9.x86_64

- rebooted

System came up
Nvidia driver working
Systems are working as expected. Audio and video working. Nothing quirky.

Installed in:
Slimbook I5 Mageia 9 Plasma x86_64
Asus 1005 Eeeepc Intel Atom Mageia 9 Lxqt

I have had no problems updating glib. Shutdown, reboot and startup ok. Video and audio ok. Apps ok. Internet ok. I have no problems at the moment using the equipment at work today.

Greetings!

CC:
(none) =>
joselp
katnatek
2024-05-09 00:27:50 CEST
Keywords:
(none) =>
advisory

Installed and tested without issues.

Two days of usage in multiple systems (server, workstation, QEMU/KVM virtual machines). No issues or regressions noticed.

System A: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC server, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, Intel iGPU Xeon E3-1200 using i915 driver.
System B: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC client, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
System C: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest hosted by system B, AMD Ryzen 5 5600G with Radeon Graphics, virtio plus SPICE.
System D: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest hosted by system B, AMD Ryzen 5 5600G with Radeon Graphics, PCI pass through of AMD RX 6500 XT using amdgpu driver.
System E: Mageia 9, aarch64, WindowMaker DE, QEMU/KVM guest hosted by system B, Cortex-A76 emulation, virtio plus SPICE.

####### System A #######
$ uname -a
Linux marte 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9

####### System B #######
$ uname -a
Linux jupiter 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9

####### System C #######
$ uname -a
Linux jupiter-vm-mageia-9 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9

####### System D #######
$ uname -a
Linux jupiter-vm-mageia-9-jogos 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9

####### System E #######
# uname -a
Linux jupiter-vm-mageia-9-aarch64 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 20:15:41 UTC 2024 aarch64 GNU/Linux
# rpm -qa | grep glibc
glibc-2.36-54.mga9

CC:
(none) =>
mageia

MGA9-64 Plasma on two systems: i5-7500, nvidia Quadro K620, and HP Pavilion, A8-4555 APU.

Used each system for a total of two hours of everyday usage today, primarily with Firefox and Thunderbird. No issues noted.

Giving this a 64-bit OK, but because this is basic to operations, we will need a 32-bit test or two before validating.

CC:
(none) =>
andrewsfarm

RH mageia 9 i586

Updated along with other official and third-party updates
LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
https://ftp.blogdrake.net/mageia/mageia9/free/i586/media_info/synthesis.hdlist.cz
updated medium "BDK-Free-i586"
https://ftp.blogdrake.net/mageia/mageia9/free/noarch/media_info/synthesis.hdlist.cz
updated medium "BDK-Free-noarch"
medium "BDK-NonFree-i586" is up-to-date
medium "Core Release (distrib1)" is up-to-date
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/media_info/20240509-022524-synthesis.hdlist.cz
updated medium "Core Updates (distrib3)"
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/tainted/updates/media_info/20240509-023630-synthesis.hdlist.cz
updated medium "Tainted Updates (distrib23)"
installing glibc-2.36-54.mga9.i586.rpm glibc-utils-2.36-54.mga9.i586.rpm glibc-devel-2.36-54.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing... ################################################################
1/3: glibc ################################################################
2/3: glibc-devel ################################################################
3/3: glibc-utils ################################################################
1/3: removing glibc-utils-6:2.36-53.mga9.i586
################################################################
2/3: removing glibc-devel-6:2.36-53.mga9.i586
################################################################
3/3: removing glibc-6:2.36-53.mga9.i586
################################################################
You should restart your computer for glibc
restarting urpmi
https://ftp.blogdrake.net/mageia/mageia9/free/noarch/yt-dlp-2024.04.09-0.1bdk_mga9.noarch.rpm
https://ftp.blogdrake.net/mageia/mageia9/free/noarch/videomass-5.0.12-1bdk_mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-3.1.5-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-json-2.6.1-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/exfatprogs-1.2.0-1.1.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libopenpmix2-4.2.3-1.1.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-irb-3.1.5-45.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-io-console-0.5.11-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2_2-2.10.4-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-RubyGems-3.3.26-45.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-rdoc-6.4.1.1-45.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libtiff6-4.5.1-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2-utils-2.10.4-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libruby3.1-3.1.5-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2-devel-2.10.4-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/traceroute-2.1.3-1.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-psych-4.0.4-45.mga9.i586.rpm
installing //home/katnatek/qa-testing/i586/nscd-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/traceroute-2.1.3-1.mga9.i586.rpm
/var/cache/urpmi/rpms/videomass-5.0.12-1bdk_mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-psych-4.0.4-45.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2-devel-2.10.4-1.3.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-profile-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2-utils-2.10.4-1.3.mga9.i586.rpm
/var/cache/urpmi/rpms/libruby3.1-3.1.5-45.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-rdoc-6.4.1.1-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/libtiff6-4.5.1-1.3.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-i18ndata-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-irb-3.1.5-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-RubyGems-3.3.26-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-io-console-0.5.11-45.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2_2-2.10.4-1.3.mga9.i586.rpm
/var/cache/urpmi/rpms/yt-dlp-2024.04.09-0.1bdk_mga9.noarch.rpm
/var/cache/urpmi/rpms/libopenpmix2-4.2.3-1.1.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-json-2.6.1-45.mga9.i586.rpm
/var/cache/urpmi/rpms/exfatprogs-1.2.0-1.1.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-doc-2.36-54.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-3.1.5-45.mga9.i586.rpm
Preparing... ################################################################
1/21: yt-dlp ################################################################
2/21: ruby-irb ################################################################
3/21: videomass ################################################################
4/21: glibc-doc ################################################################
5/21: glibc-i18ndata ################################################################
6/21: glibc-profile ################################################################
7/21: libruby3.1 ################################################################
8/21: libxml2_2 ################################################################
9/21: ruby-io-console ################################################################
10/21: ruby-rdoc ################################################################
11/21: ruby-json ################################################################
12/21: ruby ################################################################
13/21: ruby-RubyGems ################################################################
14/21: ruby-psych ################################################################
15/21: libxml2-devel ################################################################
16/21: libxml2-utils ################################################################
17/21: exfatprogs ################################################################
18/21: libopenpmix2 ################################################################
19/21: libtiff6 ################################################################
20/21: traceroute ################################################################
21/21: nscd ################################################################
1/21: removing libxml2-utils-2.10.4-1.2.mga9.i586
################################################################
2/21: removing ruby-rdoc-6.4.0-44.mga9.noarch
################################################################
3/21: removing ruby-io-console-0.5.11-44.mga9.i586
################################################################
4/21: removing ruby-json-2.6.1-44.mga9.i586
################################################################
5/21: removing ruby-3.1.4-44.mga9.i586
################################################################
6/21: removing ruby-RubyGems-3.3.26-44.mga9.noarch
################################################################
7/21: removing ruby-psych-4.0.4-44.mga9.i586
################################################################
8/21: removing videomass-5.0.2-1bdk_mga9.noarch
################################################################
9/21: removing libxml2-devel-2.10.4-1.2.mga9.i586
################################################################
10/21: removing libxml2_2-2.10.4-1.2.mga9.i586
################################################################
11/21: removing yt-dlp-2024.03.10-1.mga9.noarch
################################################################
12/21: removing libruby3.1-3.1.4-44.mga9.i586
################################################################
13/21: removing ruby-irb-3.1.4-44.mga9.noarch
################################################################
14/21: removing glibc-doc-6:2.36-53.mga9.noarch
################################################################
15/21: removing exfatprogs-1:1.2.0-1.mga9.i586
################################################################
16/21: removing libopenpmix2-4.2.3-1.mga9.i586
################################################################
17/21: removing glibc-i18ndata-6:2.36-53.mga9.i586
################################################################
18/21: removing libtiff6-4.5.1-1.2.mga9.i586
################################################################
19/21: removing glibc-profile-6:2.36-53.mga9.i586
################################################################
20/21: removing traceroute-2.1.2-1.mga9.i586
################################################################
21/21: removing nscd-6:2.36-53.mga9.i586
################################################################
Reboot
test memusage --png=test rpm -qa
Works
MGA9-64, AMD 3015e APU, laptop

Installed glibc and nscd package
sleep working
system is behaving

Should be enough. Validating.

Keywords:
(none) =>
validated_update

An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2024-0173.html

Resolution:
(none) =>
FIXED |
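
An added example, not part of the original bug report or of Mageia's tooling: a shell audit that compares an installed nscd version-release against the fixed build listed in the advisory above (2.36-54.mga9) and reports whether the netgroup cache named in all four CVE descriptions is enabled in an nscd.conf-style file. The function names, the sample configuration, the use of `sort -V` as a stand-in for RPM ordering, and treating a missing `enable-cache netgroup` line as disabled are assumptions.

```shell
#!/bin/sh
# Added example: audit a host for the nscd netgroup-cache fixes in this update.
FIXED_VR="2.36-54.mga9"   # fixed version-release, from the package list on this page

# vr_is_fixed VERSION-RELEASE: succeeds if the argument is >= FIXED_VR.
# Assumption: GNU `sort -V` orders these same-shaped strings (no epoch,
# same dist tag) the way RPM does.
vr_is_fixed() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED_VR" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED_VR" ]
}

# netgroup_cache_enabled FILE: succeeds if the last "enable-cache netgroup"
# directive says "yes". FILE may be "-" for stdin. Assumption: a missing
# directive means the cache is off.
netgroup_cache_enabled() {
    awk '
        { sub(/#.*/, "") }    # drop comments, including commented-out directives
        $1 == "enable-cache" && $2 == "netgroup" { state = $3 }
        END { exit (state == "yes") ? 0 : 1 }
    ' "$1"
}

# classify VERSION-RELEASE FILE: prints one verdict word.
classify() {
    if vr_is_fixed "$1"; then
        echo patched
    elif netgroup_cache_enabled "$2"; then
        echo unpatched-netgroup-cache-on
    else
        echo unpatched-netgroup-cache-off
    fi
}

# Constructed sample configuration (not taken from a real host).
sample_conf() {
    cat <<'EOF'
enable-cache passwd yes
# enable-cache netgroup no
enable-cache netgroup yes
EOF
}

# Live use on an RPM-based host: ./audit.sh --live
if [ "${1:-}" = "--live" ]; then
    classify "$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' nscd)" /etc/nscd.conf
fi
```

A host where nscd is not installed or not running, as one tester above notes for their hardware, still receives the glibc update because nscd is built from the same source RPM.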