[El-errata] ELSA-2024-3588 Important: Oracle Linux 7 glibc security update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Thu Jun 6 17:50:10 UTC 2024


Oracle Linux Security Advisory ELSA-2024-3588

http://linux.oracle.com/errata/ELSA-2024-3588.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
glibc-2.17-326.0.9.el7_9.3.i686.rpm
glibc-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-common-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-devel-2.17-326.0.9.el7_9.3.i686.rpm
glibc-devel-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-headers-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-static-2.17-326.0.9.el7_9.3.i686.rpm
glibc-static-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-utils-2.17-326.0.9.el7_9.3.x86_64.rpm
nscd-2.17-326.0.9.el7_9.3.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//glibc-2.17-326.0.9.el7_9.3.src.rpm

Related CVEs:

CVE-2024-2961
CVE-2024-33599
CVE-2024-33600
CVE-2024-33601
CVE-2024-33602




Description of changes:

[2.17-326.3]
- Forward-port Oracle patches to 2.17-326.3
Reviewed-by: Jose E. Marchesi

[2.17-326.3]
- nscd: Fix timeout type in netgroup cache (RHEL-34263)

[2.17-326.2]
- nscd: Do not use sendfile for the netgroup cache
- nscd: Use-after-free in netgroup cache
- CVE-2021-27645: nscd: double-free in netgroup cache
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34263)
- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache
- CVE-2024-33601: nscd: crash on out-of-memory condition
- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules

[2.17-326.1]
- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31803)


