[Debian] Medium CVE: CVE-2024-2961 glibc

Bug #2063188 reported by Yue Tao
Affects: StarlingX
Status: Fix Released
Importance: High
Assigned to: Wentao Zhang
Milestone: (none)

Bug Description

CVE-2024-2961: https://nvd.nist.gov/vuln/detail/CVE-2024-2961

The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

Base Score: Medium

Reference:

Package upgrades (old ===> new):
libc6_2.31-13+deb11u7_amd64.deb ===> libc6_2.31-13+deb11u9_amd64.deb
libc6-dev_2.31-13+deb11u7_amd64.deb ===> libc6-dev_2.31-13+deb11u9_amd64.deb
libc-bin_2.31-13+deb11u7_amd64.deb ===> libc-bin_2.31-13+deb11u9_amd64.deb
libc-dev-bin_2.31-13+deb11u7_amd64.deb ===> libc-dev-bin_2.31-13+deb11u9_amd64.deb
libc-l10n_2.31-13+deb11u7_all.deb ===> libc-l10n_2.31-13+deb11u9_all.deb
locales_2.31-13+deb11u7_all.deb ===> locales_2.31-13+deb11u9_all.deb
locales-all_2.31-13+deb11u7_amd64.deb ===> locales-all_2.31-13+deb11u9_amd64.deb
https://security-tracker.debian.org/tracker/DSA-5673-1
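As an added example (not part of the bug report or of the StarlingX change), the following Python script turns the old===>new upgrade list above into the minimum version each glibc package must reach for DSA-5673-1, then checks a host's package inventory against it. It reimplements dpkg's version ordering (epoch, upstream, Debian revision; alternating non-digit and digit runs; "~" sorts before the empty string) so the check can run off-host, for example over inventory collected from many nodes. The dpkg-query lines are constructed sample data, and the UPGRADE_LIST entries are copied from the report.

```python
import re
from typing import Dict, List, Tuple

# Upgrade list as given in the bug report (old ===> new .deb file names).
UPGRADE_LIST = [
    "libc6_2.31-13+deb11u7_amd64.deb===>libc6_2.31-13+deb11u9_amd64.deb",
    "libc6-dev_2.31-13+deb11u7_amd64.deb===>libc6-dev_2.31-13+deb11u9_amd64.deb",
    "libc-bin_2.31-13+deb11u7_amd64.deb===>libc-bin_2.31-13+deb11u9_amd64.deb",
    "libc-dev-bin_2.31-13+deb11u7_amd64.deb===>libc-dev-bin_2.31-13+deb11u9_amd64.deb",
    "libc-l10n_2.31-13+deb11u7_all.deb===>libc-l10n_2.31-13+deb11u9_all.deb",
    "locales_2.31-13+deb11u7_all.deb===>locales_2.31-13+deb11u9_all.deb",
    "locales-all_2.31-13+deb11u7_amd64.deb===>locales-all_2.31-13+deb11u9_amd64.deb",
]

# Constructed sample output of: dpkg-query -W -f '${Package} ${Version}\n'
# Two packages are still at the vulnerable deb11u7 build.
SAMPLE_DPKG_QUERY = """\
libc-bin 2.31-13+deb11u9
libc-l10n 2.31-13+deb11u9
libc6 2.31-13+deb11u7
libc6-dev 2.31-13+deb11u7
locales 2.31-13+deb11u9
bash 5.1-2+deb11u1
"""

_DEB_NAME = re.compile(r"^(?P<pkg>[^_]+)_(?P<ver>[^_]+)_(?P<arch>[^_]+)\.deb$")


def _isdigit(c: str) -> bool:
    return "0" <= c <= "9"


def _order(c: str) -> int:
    # dpkg's character weight for the non-digit parts of a version:
    # '~' sorts before anything (even end of string), letters before symbols.
    if c == "":
        return 0
    if _isdigit(c):
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Compare one version component the way dpkg does (<0, 0, >0)."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # Non-digit run: compare character by character with dpkg's weights.
        while (i < len(a) and not _isdigit(a[i])) or (j < len(b) and not _isdigit(b[j])):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # Digit run: drop leading zeros, then the longer run wins, else the
        # first differing digit decides.
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and _isdigit(a[i]) and j < len(b) and _isdigit(b[j]):
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and _isdigit(a[i]):
            return 1
        if j < len(b) and _isdigit(b[j]):
            return -1
        if first_diff:
            return first_diff
    return 0


def _split(v: str) -> Tuple[int, str, str]:
    """Split 'epoch:upstream-revision' into its three parts."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    if "-" in v:
        upstream, revision = v.rsplit("-", 1)
    else:
        upstream, revision = v, ""
    return epoch, upstream, revision


def deb_version_cmp(a: str, b: str) -> int:
    """Full Debian version comparison: epoch, then upstream, then revision."""
    ea, ua, ra = _split(a)
    eb, ub, rb = _split(b)
    if ea != eb:
        return (ea > eb) - (ea < eb)
    r = _verrevcmp(ua, ub)
    return r if r else _verrevcmp(ra, rb)


def required_versions(upgrades: List[str]) -> Dict[str, str]:
    """Map package name -> fixed version from the old===>new list."""
    req = {}
    for entry in upgrades:
        _, new = entry.split("===>", 1)
        m = _DEB_NAME.match(new)
        if not m:
            raise ValueError(f"unexpected .deb file name: {new!r}")
        req[m["pkg"]] = m["ver"]
    return req


def find_unpatched(dpkg_query_output: str, required: Dict[str, str]) -> List[Tuple[str, str, str]]:
    """Return (package, installed, required) for installed packages older
    than the fixed version. Packages that are not installed are skipped."""
    installed = {}
    for line in dpkg_query_output.splitlines():
        parts = line.split()
        if len(parts) == 2:
            installed[parts[0]] = parts[1]
    return [
        (pkg, installed[pkg], fixed)
        for pkg, fixed in sorted(required.items())
        if pkg in installed and deb_version_cmp(installed[pkg], fixed) < 0
    ]


if __name__ == "__main__":
    for pkg, have, need in find_unpatched(SAMPLE_DPKG_QUERY, required_versions(UPGRADE_LIST)):
        print(f"{pkg}: installed {have}, needs {need}")
```

On a Debian host the same ordering is available as `dpkg --compare-versions`; the reimplementation is for checks that run where dpkg is not installed. Only packages present in the inventory are reported, so a node that does not ship libc6-dev or locales-all is not flagged for those.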

CVE References

Yue Tao (wrytao)
tags: added: stx.10.0 stx.security
removed: stx.se
Wentao Zhang (wzhang4)
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/917289

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/917289
Committed: https://opendev.org/starlingx/tools/commit/660f7ad92effc65387cda1b2f728b6313730733e
Submitter: "Zuul (22348)"
Branch: master

commit 660f7ad92effc65387cda1b2f728b6313730733e
Author: Wentao Zhang <email address hidden>
Date: Sun Apr 28 03:19:25 2024 -0700

    Debian: glibc : fix CVE-2024-2961

    Upgrade libc6 to 2.31-13+deb11u9
    Upgrade libc6-dev to 2.31-13+deb11u9
    Upgrade libc-bin to 2.31-13+deb11u9
    Upgrade libc-dev-bin to 2.31-13+deb11u9
    Upgrade libc-l10n to 2.31-13+deb11u9
    Upgrade locales to 2.31-13+deb11u9
    Upgrade locales-all to 2.31-13+deb11u9

    Refer to:
    https://nvd.nist.gov/vuln/detail/CVE-2024-2961
    https://security-tracker.debian.org/tracker/DSA-5673-1

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2063188

    Change-Id: Ie741471bcb05c15d96037020fba168d0a2f4566f
    Signed-off-by: Wentao Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released