Those CVEs were announced here:
https://www.openwall.com/lists/oss-security/2024/05/06/5

Mageia 9 is also affected.
Status comment: (none) => Patches available from upstream
Whiteboard: (none) => MGA9TOO
Source RPM: (none) => glibc-2.39-7.mga10.src.rpm, glibc-2.36-53.mga9.src.rpm
CVE: (none) => CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Stack-based buffer overflow in netgroup cache
If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. (CVE-2024-33599)

Null pointer crashes after notfound response
If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. (CVE-2024-33600)

Netgroup cache may terminate daemon on memory allocation failure
The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. (CVE-2024-33601)

Netgroup cache assumes NSS callback uses in-buffer strings
The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. (CVE-2024-33602)

References:
https://www.openwall.com/lists/oss-security/2024/05/06/5
========================

Updated packages in core/updates_testing:
========================
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9
glibc-doc-2.36-54.mga9
glibc-i18ndata-2.36-54.mga9
glibc-profile-2.36-54.mga9
glibc-static-devel-2.36-54.mga9
glibc-utils-2.36-54.mga9
nscd-2.36-54.mga9

from SRPM:
glibc-2.36-54.mga9.src.rpm
Source RPM: glibc-2.39-7.mga10.src.rpm, glibc-2.36-53.mga9.src.rpm => glibc-2.36-53.mga9.src.rpm
Status comment: Patches available from upstream => (none)
Whiteboard: MGA9TOO => (none)
Status: NEW => ASSIGNED
Version: Cauldron => 9
Assignee: bugsquad => qa-bugs
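The advisory above ties all four CVEs to nscd's netgroup cache and names 2.36-54.mga9 as the fixed build. The following check is an added example, not part of the bug report or of Mageia's tooling: it flags glibc/nscd packages older than the fixed build and marks nscd as exposed when its configuration enables the netgroup cache. The function names are illustrative, and treating `enable-cache netgroup yes` in nscd.conf as the exposure condition is an assumption drawn from the advisory text.

```sh
#!/bin/sh
# Added example (not from the bug report): flag hosts still exposed to the
# nscd netgroup-cache CVEs fixed by this update.
FIXED="2.36-54.mga9"   # fixed VERSION-RELEASE, taken from the advisory

# ver_lt A B: true when A sorts strictly before B.
# Assumption: GNU "sort -V" is close enough to rpm ordering for these NVRs.
ver_lt() {
    [ "$1" != "$2" ] &&
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# netgroup_cache_enabled FILE: true when the last uncommented
# "enable-cache netgroup" line in an nscd.conf-style file says "yes".
netgroup_cache_enabled() {
    awk '$1 == "enable-cache" && $2 == "netgroup" { v = $3 }
         END { exit !(v == "yes") }' "$1"
}

# assess CONF: reads "NAME VERSION-RELEASE" lines on stdin, one verdict each.
assess() {
    while read -r name vr; do
        case $name in glibc|nscd) ;; *) continue ;; esac
        if ! ver_lt "$vr" "$FIXED"; then
            echo "$name $vr patched"
        elif [ "$name" = nscd ] && netgroup_cache_enabled "$1"; then
            echo "$name $vr EXPOSED netgroup-cache-on"
        else
            echo "$name $vr outdated"
        fi
    done
}

# Constructed sample input so the block runs offline. On a real host use:
#   rpm -q --qf '%{NAME} %{VERSION}-%{RELEASE}\n' glibc nscd | assess /etc/nscd.conf
demo() {
    conf=$(mktemp)
    printf '%s\n' '# constructed nscd.conf' 'enable-cache passwd yes' \
        '  enable-cache netgroup yes' > "$conf"
    printf '%s\n' 'glibc 2.36-54.mga9' 'nscd 2.36-53.mga9' \
        'package nscd is not installed' | assess "$conf"
    rm -f "$conf"
}
demo
```

The check only reads package versions and configuration; it does not tell whether the nscd service is actually running.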
MGA9-64, GNOME, AMD Ryzen 5600, Nvidia 1050

The following 2 packages are going to be installed:

- glibc-2.36-54.mga9.x86_64
- glibc-devel-2.36-54.mga9.x86_64

-----

- Nvidia working

# lsmod | grep nvidia
nvidia_uvm 4857856 0
nvidia_drm 114688 8
drm_kms_helper 249856 1 nvidia_drm
nvidia_modeset 1359872 11 nvidia_drm
video 73728 1 nvidia_modeset
nvidia 54255616 201 nvidia_uvm,nvidia_modeset
drm 831488 12 drm_kms_helper,nvidia,nvidia_drm

- system behaving as expected.

I'm not sure why nscd is combined with this update. Not using it on this hardware.
CC: (none) => brtians1
MGA9-64, AMD Ryzen 5 2600, Nvidia 1650 (550), GNOME

The following 3 packages are going to be installed:

- glibc-2.36-54.mga9.x86_64
- glibc-devel-2.36-54.mga9.x86_64
- nscd-2.36-54.mga9.x86_64

- rebooted

System came up
Nvidia driver working
Systems are working as expected. Audio and video working. Nothing quirky.
Installed in:

Slimbook I5 Mageia 9 Plasma x86_64
Asus 1005 Eeeepc Intel Atom Mageia 9 Lxqt

I have had no problems updating glib. Shutdown, reboot and startup ok. Video and audio ok. Apps ok. Internet ok. I have no problems at the moment using the equipment at work today.

Greetings!
CC: (none) => joselp
Keywords: (none) => advisory
Installed and tested without issues.

Two days of usage in multiple systems (server, workstation, QEMU/KVM virtual machines). No issues or regressions noticed.

System A: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC server, Intel(R) Core(TM) i5-4590 CPU @ 3.30GHz, Intel iGPU Xeon E3-1200 using i915 driver.
System B: Mageia 9, x86_64, Plasma DE, LXQt DE, VNC client, AMD Ryzen 5 5600G with Radeon Graphics using amdgpu driver.
System C: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest hosted by system B, AMD Ryzen 5 5600G with Radeon Graphics, virtio plus SPICE.
System D: Mageia 9, x86_64, LXQt DE, QEMU/KVM guest hosted by system B, AMD Ryzen 5 5600G with Radeon Graphics, PCI pass through of AMD RX 6500 XT using amdgpu driver.
System E: Mageia 9, aarch64, WindowMaker DE, QEMU/KVM guest hosted by system B, Cortex-A76 emulation, virtio plus SPICE.

####### System A #######
$ uname -a
Linux marte 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9

####### System B #######
$ uname -a
Linux jupiter 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9
glibc-devel-2.36-54.mga9

####### System C #######
$ uname -a
Linux jupiter-vm-mageia-9 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9

####### System D #######
$ uname -a
Linux jupiter-vm-mageia-9-jogos 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 17:19:36 UTC 2024 x86_64 GNU/Linux
$ rpm -qa | grep glibc
glibc-2.36-54.mga9

####### System E #######
# uname -a
Linux jupiter-vm-mageia-9-aarch64 6.6.28-desktop-1.mga9 #1 SMP PREEMPT_DYNAMIC Wed Apr 17 20:15:41 UTC 2024 aarch64 GNU/Linux
# rpm -qa | grep glibc
glibc-2.36-54.mga9
CC: (none) => mageia
MGA9-64 Plasma on two systems: i5-7500, nvidia Quadro K620, and HP Pavilion, A8-4555 APU. Used each system for a total of two hours of everyday usage today, primarily with Firefox and Thunderbird. No issues noted. Giving this a 64-bit OK, but because this is basic to operations, we will need a 32-bit test or two before validating.
CC: (none) => andrewsfarm
Whiteboard: (none) => MGA9-64-OK
RH mageia 9 i586

Updated along with other official and third-party updates

LC_ALL=C urpmi --auto --auto-update
medium "QA Testing (32-bit)" is up-to-date
https://ftp.blogdrake.net/mageia/mageia9/free/i586/media_info/synthesis.hdlist.cz
updated medium "BDK-Free-i586"
https://ftp.blogdrake.net/mageia/mageia9/free/noarch/media_info/synthesis.hdlist.cz
updated medium "BDK-Free-noarch"
medium "BDK-NonFree-i586" is up-to-date
medium "Core Release (distrib1)" is up-to-date
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/media_info/20240509-022524-synthesis.hdlist.cz
updated medium "Core Updates (distrib3)"
medium "Nonfree Release (distrib11)" is up-to-date
medium "Nonfree Updates (distrib13)" is up-to-date
medium "Tainted Release (distrib21)" is up-to-date
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/tainted/updates/media_info/20240509-023630-synthesis.hdlist.cz
updated medium "Tainted Updates (distrib23)"
installing glibc-2.36-54.mga9.i586.rpm glibc-utils-2.36-54.mga9.i586.rpm glibc-devel-2.36-54.mga9.i586.rpm from //home/katnatek/qa-testing/i586
Preparing... ################################################################
1/3: glibc ################################################################
2/3: glibc-devel ################################################################
3/3: glibc-utils ################################################################
1/3: removing glibc-utils-6:2.36-53.mga9.i586 ################################################################
2/3: removing glibc-devel-6:2.36-53.mga9.i586 ################################################################
3/3: removing glibc-6:2.36-53.mga9.i586 ################################################################
You should restart your computer for glibc
restarting urpmi
https://ftp.blogdrake.net/mageia/mageia9/free/noarch/yt-dlp-2024.04.09-0.1bdk_mga9.noarch.rpm
https://ftp.blogdrake.net/mageia/mageia9/free/noarch/videomass-5.0.12-1bdk_mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-3.1.5-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-json-2.6.1-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/exfatprogs-1.2.0-1.1.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libopenpmix2-4.2.3-1.1.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-irb-3.1.5-45.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-io-console-0.5.11-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2_2-2.10.4-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-RubyGems-3.3.26-45.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-rdoc-6.4.1.1-45.mga9.noarch.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libtiff6-4.5.1-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2-utils-2.10.4-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libruby3.1-3.1.5-45.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/libxml2-devel-2.10.4-1.3.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/traceroute-2.1.3-1.mga9.i586.rpm
https://mirror.math.princeton.edu/pub/mageia/distrib/9/i586/media/core/updates/ruby-psych-4.0.4-45.mga9.i586.rpm
installing
//home/katnatek/qa-testing/i586/nscd-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/traceroute-2.1.3-1.mga9.i586.rpm
/var/cache/urpmi/rpms/videomass-5.0.12-1bdk_mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-psych-4.0.4-45.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2-devel-2.10.4-1.3.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-profile-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2-utils-2.10.4-1.3.mga9.i586.rpm
/var/cache/urpmi/rpms/libruby3.1-3.1.5-45.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-rdoc-6.4.1.1-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/libtiff6-4.5.1-1.3.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-i18ndata-2.36-54.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-irb-3.1.5-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-RubyGems-3.3.26-45.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-io-console-0.5.11-45.mga9.i586.rpm
/var/cache/urpmi/rpms/libxml2_2-2.10.4-1.3.mga9.i586.rpm
/var/cache/urpmi/rpms/yt-dlp-2024.04.09-0.1bdk_mga9.noarch.rpm
/var/cache/urpmi/rpms/libopenpmix2-4.2.3-1.1.mga9.i586.rpm
/var/cache/urpmi/rpms/ruby-json-2.6.1-45.mga9.i586.rpm
/var/cache/urpmi/rpms/exfatprogs-1.2.0-1.1.mga9.i586.rpm
//home/katnatek/qa-testing/i586/glibc-doc-2.36-54.mga9.noarch.rpm
/var/cache/urpmi/rpms/ruby-3.1.5-45.mga9.i586.rpm
Preparing... ################################################################
1/21: yt-dlp ################################################################
2/21: ruby-irb ################################################################
3/21: videomass ################################################################
4/21: glibc-doc ################################################################
5/21: glibc-i18ndata ################################################################
6/21: glibc-profile ################################################################
7/21: libruby3.1 ################################################################
8/21: libxml2_2 ################################################################
9/21: ruby-io-console ################################################################
10/21: ruby-rdoc ################################################################
11/21: ruby-json ################################################################
12/21: ruby ################################################################
13/21: ruby-RubyGems ################################################################
14/21: ruby-psych ################################################################
15/21: libxml2-devel ################################################################
16/21: libxml2-utils ################################################################
17/21: exfatprogs ################################################################
18/21: libopenpmix2 ################################################################
19/21: libtiff6 ################################################################
20/21: traceroute ################################################################
21/21: nscd ################################################################
1/21: removing libxml2-utils-2.10.4-1.2.mga9.i586 ################################################################
2/21: removing ruby-rdoc-6.4.0-44.mga9.noarch ################################################################
3/21: removing ruby-io-console-0.5.11-44.mga9.i586 ################################################################
4/21: removing ruby-json-2.6.1-44.mga9.i586 ################################################################
5/21: removing ruby-3.1.4-44.mga9.i586 ################################################################
6/21: removing ruby-RubyGems-3.3.26-44.mga9.noarch ################################################################
7/21: removing ruby-psych-4.0.4-44.mga9.i586 ################################################################
8/21: removing videomass-5.0.2-1bdk_mga9.noarch ################################################################
9/21: removing libxml2-devel-2.10.4-1.2.mga9.i586 ################################################################
10/21: removing libxml2_2-2.10.4-1.2.mga9.i586 ################################################################
11/21: removing yt-dlp-2024.03.10-1.mga9.noarch ################################################################
12/21: removing libruby3.1-3.1.4-44.mga9.i586 ################################################################
13/21: removing ruby-irb-3.1.4-44.mga9.noarch ################################################################
14/21: removing glibc-doc-6:2.36-53.mga9.noarch ################################################################
15/21: removing exfatprogs-1:1.2.0-1.mga9.i586 ################################################################
16/21: removing libopenpmix2-4.2.3-1.mga9.i586 ################################################################
17/21: removing glibc-i18ndata-6:2.36-53.mga9.i586 ################################################################
18/21: removing libtiff6-4.5.1-1.2.mga9.i586 ################################################################
19/21: removing glibc-profile-6:2.36-53.mga9.i586 ################################################################
20/21: removing traceroute-2.1.2-1.mga9.i586 ################################################################
21/21: removing nscd-6:2.36-53.mga9.i586 ################################################################

Reboot test
memusage --png=test rpm -qa
Works
MGA9-64, AMD 3015e APU, laptop

Installed glibc and nscd package

sleep working
system is behaving
Should be enough. Validating.
Keywords: (none) => validated_update
Whiteboard: MGA9-64-OK => MGA9-64-OK MGA9-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2024-0173.html
Resolution: (none) => FIXED
Status: ASSIGNED => RESOLVED