[El-errata] ELSA-2024-3588 Important: Oracle Linux 7 glibc security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Jun 6 17:50:10 UTC 2024
Oracle Linux Security Advisory ELSA-2024-3588
http://linux.oracle.com/errata/ELSA-2024-3588.html
The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:
x86_64:
glibc-2.17-326.0.9.el7_9.3.i686.rpm
glibc-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-common-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-devel-2.17-326.0.9.el7_9.3.i686.rpm
glibc-devel-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-headers-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-static-2.17-326.0.9.el7_9.3.i686.rpm
glibc-static-2.17-326.0.9.el7_9.3.x86_64.rpm
glibc-utils-2.17-326.0.9.el7_9.3.x86_64.rpm
nscd-2.17-326.0.9.el7_9.3.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates//glibc-2.17-326.0.9.el7_9.3.src.rpm
Related CVEs:
CVE-2024-2961
CVE-2024-33599
CVE-2024-33600
CVE-2024-33601
CVE-2024-33602
Description of changes:
[2.17-326.3]
- Forward-port Oracle patches to 2.17-326.3
Reviewed-by: Jose E. Marchesi
[2.17-326.3]
- nscd: Fix timeout type in netgroup cache (RHEL-34263)
[2.17-326.2]
- nscd: Do not use sendfile for the netgroup cache
- nscd: Use-after-free in netgroup cache
- CVE-2021-27645: nscd: double-free in netgroup cache
- CVE-2024-33599: nscd: buffer overflow in netgroup cache (RHEL-34263)
- CVE-2024-33600: nscd: null pointer dereferences in netgroup cache
- CVE-2024-33601: nscd: crash on out-of-memory condition
- CVE-2024-33602: nscd: memory corruption with NSS netgroup modules
[2.17-326.1]
- CVE-2024-2961: Out of bounds write in iconv conversion to ISO-2022-CN-EXT (RHEL-31803)
More information about the El-errata
mailing list