Package "glibc"

Name: glibc


This package is just an umbrella for a group of other packages, it has no description.
Description samples from packages in group:

  • GNU C Library: sources
  • GNU C Library: Precompiled locale data
  • GNU C Library: Name Service Cache Daemon

Latest version: 2.39-0ubuntu8.2
Release: noble (24.04)
Level: updates
Repository: universe


Other versions of "glibc" in Noble

Repository Area Version
base universe 2.39-0ubuntu8
base main 2.39-0ubuntu8
security main 2.39-0ubuntu8.2
security universe 2.39-0ubuntu8.2
updates main 2.39-0ubuntu8.2

Packages in group

Deleted packages are displayed in grey.


Version: 2.39-0ubuntu8.2 2024-05-30 15:07:02 UTC

  glibc (2.39-0ubuntu8.2) noble-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-
      based buffer overflow in netgroup cache.
    - CVE-2024-33599
  * SECURITY UPDATE: Null pointer
    - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid
      null pointer crashes after notfound response.
    - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do
      not send missing not-found response in addgetnetgrentX.
    - CVE-2024-33600
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-
      2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX.
    - CVE-2024-33601
    - CVE-2024-33602

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 30 Apr 2024 15:02:13 -0300

Source diff to previous version
CVE-2024-33599 nscd: Stack-based buffer overflow in netgroup cache If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then
CVE-2024-33600 nscd: Null pointer crashes after notfound response If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the
CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xreallo
CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the N

Version: 2.39-0ubuntu8.1 2024-04-29 14:07:10 UTC

  glibc (2.39-0ubuntu8.1) noble-security; urgency=medium

  * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
    - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when
      writing escape sequence in iconvdata/Makefile,
      iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
    - CVE-2024-2961

 -- Marc Deslauriers <email address hidden> Thu, 18 Apr 2024 09:52:32 -0400

CVE-2024-2961 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string

About   -   Send Feedback to @ubuntu_updates