about summary refs log tree commit diff
diff options
context:
space:
mode:
authorCarlos O'Donell <carlos@redhat.com>2024-05-01 21:54:11 -0400
committerCarlos O'Donell <carlos@redhat.com>2024-05-06 15:12:31 -0400
commit143ef68b2aded7c794956beddad495af8c7d3251 (patch)
treea513c2691b1e6f31c4126ed65ddefba989a2bbc6
parentd4d9a805a58c2593f7610198a198d24a41eef561 (diff)
downloadglibc-143ef68b2aded7c794956beddad495af8c7d3251.tar.gz
glibc-143ef68b2aded7c794956beddad495af8c7d3251.tar.xz
glibc-143ef68b2aded7c794956beddad495af8c7d3251.zip
NEWS: Add advisories.
  GLIBC-SA-2024-0004:
    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
    sequence (CVE-2024-2961)

  GLIBC-SA-2024-0005:
    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)

  GLIBC-SA-2024-0006:
    nscd: Null pointer crashes after notfound response
    (CVE-2024-33600)

  GLIBC-SA-2024-0007:
    nscd: netgroup cache may terminate daemon on memory allocation
    failure (CVE-2024-33601)

  GLIBC-SA-2024-0008:
    nscd: netgroup cache assumes NSS callback uses in-buffer strings
    (CVE-2024-33602)

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
-rw-r--r--NEWS19
1 files changed, 19 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index cf6078cf20..2234021a95 100644
--- a/NEWS
+++ b/NEWS
@@ -177,6 +177,25 @@ found in the advisories directory of the release tarball:
   GLIBC-SA-2024-0003:
     syslog: Integer overflow in __vsyslog_internal (CVE-2023-6780)
 
+  GLIBC-SA-2024-0004:
+    ISO-2022-CN-EXT: fix out-of-bound writes when writing escape
+    sequence (CVE-2024-2961)
+
+  GLIBC-SA-2024-0005:
+    nscd: Stack-based buffer overflow in netgroup cache (CVE-2024-33599)
+
+  GLIBC-SA-2024-0006:
+    nscd: Null pointer crashes after notfound response
+    (CVE-2024-33600)
+
+  GLIBC-SA-2024-0007:
+    nscd: netgroup cache may terminate daemon on memory allocation
+    failure (CVE-2024-33601)
+
+  GLIBC-SA-2024-0008:
+    nscd: netgroup cache assumes NSS callback uses in-buffer strings
+    (CVE-2024-33602)
+
 The following bugs are resolved with this release:
 
   [14522] localedata: fy_DE: LC_IDENTIFICATION data looks weird