Bug 33185 - glibc (nscd) new security issues CVE-2024-33599, CVE-2024-3360[0-2]
Summary: glibc (nscd) new security issues CVE-2024-33599, CVE-2024-3360[0-2]
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security (show other bugs)
Version: 9
Hardware: All Linux
Priority: Normal normal
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA9-64-OK MGA9-32-OK
Keywords: advisory, validated_update
Depends on:
Blocks:
 
Reported: 2024-05-07 09:34 CEST by Nicolas Salguero
Modified: 2024-05-10 18:10 CEST (History)
5 users (show)

See Also:
Source RPM: glibc-2.36-53.mga9.src.rpm
CVE: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
Status comment:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nicolas Salguero 2024-05-07 09:34:58 CEST 
Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/05/06/5

Mageia 9 is also affected.
Nicolas Salguero 2024-05-07 09:35:53 CEST

Status comment: (none) => Patches available from upstream
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => glibc-2.39-7.mga10.src.rpm, glibc-2.36-53.mga9.src.rpm
CVE: (none) => CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602

Comment 1 Nicolas Salguero 2024-05-07 11:58:55 CEST 
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. (CVE-2024-33599)

Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. (CVE-2024-33600)

Netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. (CVE-2024-33601)

Netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. (CVE-2024-33602)

References:
https://www.openwall.com/lists/oss-security/2024/05/06/5
========================

Updated packages in core/updates_testing:
========================
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9
glibc-doc-2.36-54.mga9
glibc-i18ndata-2.36-54.mga9
glibc-profile-2.36-54.mga9
glibc-static-devel-2.36-54.mga9
glibc-utils-2.36-54.mga9
nscd-2.36-54.mga9

from SRPM:
glibc-2.36-54.mga9.src.rpm

Source RPM: glibc-2.39-7.mga10.src.rpm, glibc-2.36-53.mga9.src.rpm => glibc-2.36-53.mga9.src.rpm
Status comment: Patches available from upstream => (none)
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 9
Assignee: bugsquad => qa-bugs

Comment 2 Brian Rockwell 2024-05-07 15:04:04 CEST 
MGA9-64, GNOME, AMD Ryzen 5600, Nvidia 1050

The following 2 packages are going to be installed:

- glibc-2.36-54.mga9.x86_64
- glibc-devel-2.36-54.mga9.x86_64


-----

- Nvidia working

# lsmod | grep nvidia
nvidia_uvm           4857856  0
nvidia_drm            114688  8
drm_kms_helper        249856  1 nvidia_drm
nvidia_modeset       1359872  11 nvidia_drm
video                  73728  1 nvidia_modeset
nvidia              54255616  201 nvidia_uvm,nvidia_modeset
drm                   831488  12 drm_kms_helper,nvidia,nvidia_drm


- system behaving as expected.


I"m not sure why nscd is combined with this update.  Not using it on this hardware.

CC: (none) => brtians1

Comment 3 Brian Rockwell 2024-05-08 15:26:30 CEST 
MGA9-64, ‎AMD Ryzen 5 2600, Nvidia 1650 (550), GNOME

The following 3 packages are going to be installed:

- glibc-2.36-54.mga9.x86_64
- glibc-devel-2.36-54.mga9.x86_64
- nscd-2.36-54.mga9.x86_64

- rebooted

System came up 
Nvidia driver working

Systems are working as expected. Audio and video working.  Nothing quirky.
Comment 4 Jose Manuel López 2024-05-08 17:44:58 CEST 
Installed in:

Slimbook I5 Mageia 9 Plasma x86_64 

Asus 1005 Eeeepc Intel Atom Mageia 9 Lxqt

I have had no problems updating glib.

Shutdown, reboot and startup ok.
Video and audio ok.
Apps ok.
Internet ok.

I have no problems at the moment using the equipment at work today.

Greetings!

CC: (none) => joselp

katnatek 2024-05-09 00:27:50 CEST

Keywords: (none) => advisory

Comment 5 PC LX 2024-05-09 11:37:18 CEST 
Installed and tested without issues.


Two days of usage in multiple systems (server, workstation, QEMU/KVM virtual machines). No issues or regressions noticed.


System A: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC server, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, Intel iGPU Xeon E3-1200 using i915 driver.
System B: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC client, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
System C: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest hosted by system B, AMD Ryzen 5 5600G with Radeon Graphics, virtio plus SPICE.
System D: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest hosted by system B, AMD Ryzen 5 5600G with Radeon Graphics, PCI pass through of AMD RX 6500 XT using amdgpu driver.
System E: Mageia 9, aarch64, WindowMaker DE, QEMU/KVM guest hosted by system B, Cortex-A76 emulation, virtio plus SPICE.



####### System A #######
$ uname -a
Linux marte 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9



####### System B #######
$ uname -a
Linux jupiter 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9



####### System C #######
$ uname -a
Linux jupiter-vm-mageia-9 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9



####### System D #######
$ uname -a
Linux jupiter-vm-mageia-9-jogos 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9



####### System E #######
# uname -a
Linux jupiter-vm-mageia-9-aarch64 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 20:15:41 UTC 2024 aarch64 GNU/Linux
# rpm -qa | grep glibc
glibc-2.36-54.mga9

CC: (none) => mageia

Comment 6 Thomas Andrews 2024-05-10 02:46:20 CEST 
MGA9-64 Plasma on two systems: i5-7500, nvidia Quadro K620, and HP Pavilion, A8-4555 APU.

Used each system for a total of two hours of everyday usage today, primarily with Firefox and Thunderbird. No issues noted.

Giving this a 64-bit OK, but because this is basic to operations, we will need a 32-bit test or two before validating.

CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK

Comment 7 katnatek 2024-05-10 04:02:40 CEST 
RH mageia 9 i586

Updated along of other official and thirdparty updates

LC_ALL=C urpmi --auto --auto-update 
medium "QA Testing (32-bit)" is up-to-date
    https://ftp.blogdrake.net/mageia/mageia9/free/i586/media_info/synthesis.hdlist.cz
updated medium "BDK-Free-i586"                                                                    
    https://ftp.blogdrake.net/mageia/mageia9/free/noarch/media_info/synthesis.hdlist.cz
updated medium "BDK-Free-noarch"                                                                  
medium "BDK-NonFree-i586" is up-to-date
medium "Core Release (distrib1)" is up-to-date
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/media_info/20240509-022524-synthesis.hdlist.cz
updated medium "Core Updates (distrib3)"                                                          
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/tainted/updates/media_info/20240509-023630-synthesis.hdlist.cz
updated medium "Tainted Updates (distrib23)"                                                      


installing glibc-2.36-54.mga9.i586.rpm glibc-utils-2.36-54.mga9.i586.rpm glibc-devel-2.36-54.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing...                     ################################################################
      1/3: glibc                 ################################################################
      2/3: glibc-devel           ################################################################
      3/3: glibc-utils           ################################################################
      1/3: removing glibc-utils-6:2.36-53.mga9.i586
                                 ################################################################
      2/3: removing glibc-devel-6:2.36-53.mga9.i586
                                 ################################################################
      3/3: removing glibc-6:2.36-53.mga9.i586
                                 ################################################################
You should restart your computer for glibc
restarting urpmi


    https://ftp.blogdrake.net/mageia/mageia9/free/noarch/yt-dlp-2024.04.09-0.1bdk_mga9.noarch.rpm
    https://ftp.blogdrake.net/mageia/mageia9/free/noarch/videomass-5.0.12-1bdk_mga9.noarch.rpm    
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-3.1.5-45.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-json-2.6.1-45.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/exfatprogs-1.2.0-1.1.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libopenpmix2-4.2.3-1.1.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-irb-3.1.5-45.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-io-console-0.5.11-45.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2_2-2.10.4-1.3.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-RubyGems-3.3.26-45.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-rdoc-6.4.1.1-45.mga9.noarch.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libtiff6-4.5.1-1.3.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2-utils-2.10.4-1.3.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libruby3.1-3.1.5-45.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2-devel-2.10.4-1.3.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/traceroute-2.1.3-1.mga9.i586.rpm
    https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-psych-4.0.4-45.mga9.i586.rpm
installing //home/katnatek/qa-testing/i586/nscd-2.36-54.mga9.i586.rpm                             
/var/cache/urpmi/rpms/traceroute-2.1.3-1.mga9.i586.rpm
/var/cache/urpmi/rpms/videomass-5.0.12-1bdk_mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-psych-4.0.4-45.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2-devel-2.10.4-1.3.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-profile-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2-utils-2.10.4-1.3.mga9.i586.rpm
/var/cache/urpmi/rpms/libruby3.1-3.1.5-45.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-rdoc-6.4.1.1-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/libtiff6-4.5.1-1.3.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-i18ndata-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-irb-3.1.5-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-RubyGems-3.3.26-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-io-console-0.5.11-45.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2_2-2.10.4-1.3.mga9.i586.rpm
/var/cache/urpmi/rpms/yt-dlp-2024.04.09-0.1bdk_mga9.noarch.rpm
/var/cache/urpmi/rpms/libopenpmix2-4.2.3-1.1.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-json-2.6.1-45.mga9.i586.rpm
/var/cache/urpmi/rpms/exfatprogs-1.2.0-1.1.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-doc-2.36-54.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-3.1.5-45.mga9.i586.rpm
Preparing...                     ################################################################
     1/21: yt-dlp                ################################################################
     2/21: ruby-irb              ################################################################
     3/21: videomass             ################################################################
     4/21: glibc-doc             ################################################################
     5/21: glibc-i18ndata        ################################################################
     6/21: glibc-profile         ################################################################
     7/21: libruby3.1            ################################################################
     8/21: libxml2_2             ################################################################
     9/21: ruby-io-console       ################################################################
    10/21: ruby-rdoc             ################################################################
    11/21: ruby-json             ################################################################
    12/21: ruby                  ################################################################
    13/21: ruby-RubyGems         ################################################################
    14/21: ruby-psych            ################################################################
    15/21: libxml2-devel         ################################################################
    16/21: libxml2-utils         ################################################################
    17/21: exfatprogs            ################################################################
    18/21: libopenpmix2          ################################################################
    19/21: libtiff6              ################################################################
    20/21: traceroute            ################################################################
    21/21: nscd                  ################################################################
     1/21: removing libxml2-utils-2.10.4-1.2.mga9.i586
                                 ################################################################
     2/21: removing ruby-rdoc-6.4.0-44.mga9.noarch
                                 ################################################################
     3/21: removing ruby-io-console-0.5.11-44.mga9.i586
                                 ################################################################
     4/21: removing ruby-json-2.6.1-44.mga9.i586
                                 ################################################################
     5/21: removing ruby-3.1.4-44.mga9.i586
                                 ################################################################
     6/21: removing ruby-RubyGems-3.3.26-44.mga9.noarch
                                 ################################################################
     7/21: removing ruby-psych-4.0.4-44.mga9.i586
                                 ################################################################
     8/21: removing videomass-5.0.2-1bdk_mga9.noarch
                                 ################################################################
     9/21: removing libxml2-devel-2.10.4-1.2.mga9.i586
                                 ################################################################
    10/21: removing libxml2_2-2.10.4-1.2.mga9.i586
                                 ################################################################
    11/21: removing yt-dlp-2024.03.10-1.mga9.noarch
                                 ################################################################
    12/21: removing libruby3.1-3.1.4-44.mga9.i586
                                 ################################################################
    13/21: removing ruby-irb-3.1.4-44.mga9.noarch
                                 ################################################################
    14/21: removing glibc-doc-6:2.36-53.mga9.noarch
                                 ################################################################
    15/21: removing exfatprogs-1:1.2.0-1.mga9.i586
                                 ################################################################
    16/21: removing libopenpmix2-4.2.3-1.mga9.i586
                                 ################################################################
    17/21: removing glibc-i18ndata-6:2.36-53.mga9.i586
                                 ################################################################
    18/21: removing libtiff6-4.5.1-1.2.mga9.i586
                                 ################################################################
    19/21: removing glibc-profile-6:2.36-53.mga9.i586
                                 ################################################################
    20/21: removing traceroute-2.1.2-1.mga9.i586
                                 ################################################################
    21/21: removing nscd-6:2.36-53.mga9.i586
                                 ################################################################

Reboot

test memusage --png=test rpm -qa

Works
Comment 8 Brian Rockwell 2024-05-10 04:56:26 CEST 
MGA9-64, AMD 3015e APU, laptop

Installed glibc and nscd package

sleep working
system is behavng
Comment 9 Thomas Andrews 2024-05-10 14:41:40 CEST 
Should be enough. Validating.

Keywords: (none) => validated_update
Whiteboard: MGA9-64-OK => MGA9-64-OK MGA9-32-OK
CC: (none) => sysadmin-bugs

Comment 10 Mageia Robot 2024-05-10 18:10:29 CEST 
An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2024-0173.html

Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED
Note You need to log in before you can comment on or make changes to this bug.