[Debian] Critical CVE: CVE-2024-33599/CVE-2024-33600/CVE-2024-33601/CVE-2024-33602 glibc : multiple CVEs

Bug #2064862 reported by Yue Tao
This bug affects 1 person
Affects: StarlingX
Status: Fix Released
Importance: Critical
Assigned to: Wentao Zhang

Bug Description

CVE-2024-33599: https://nvd.nist.gov/vuln/detail/CVE-2024-33599

None

CVE-2024-33600: https://nvd.nist.gov/vuln/detail/CVE-2024-33600

None

CVE-2024-33601: https://nvd.nist.gov/vuln/detail/CVE-2024-33601

None

CVE-2024-33602: https://nvd.nist.gov/vuln/detail/CVE-2024-33602

None

Base Score: Critical

Reference:

libc6_2.31-13+deb11u7_amd64.deb ===> libc6_2.31-13+deb11u10_amd64.deb
libc6-dev_2.31-13+deb11u7_amd64.deb ===> libc6-dev_2.31-13+deb11u10_amd64.deb
libc-bin_2.31-13+deb11u7_amd64.deb ===> libc-bin_2.31-13+deb11u10_amd64.deb
libc-dev-bin_2.31-13+deb11u7_amd64.deb ===> libc-dev-bin_2.31-13+deb11u10_amd64.deb
libc-l10n_2.31-13+deb11u7_all.deb ===> libc-l10n_2.31-13+deb11u10_all.deb
locales_2.31-13+deb11u7_all.deb ===> locales_2.31-13+deb11u10_all.deb
locales-all_2.31-13+deb11u7_amd64.deb ===> locales-all_2.31-13+deb11u10_amd64.deb
https://security-tracker.debian.org/tracker/DSA-5678-1

Wentao Zhang (wzhang4)
Changed in starlingx:
assignee: nobody → Wentao Zhang (wzhang4)
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/918959

Changed in starlingx:
status: Triaged → In Progress
OpenStack Infra (hudson-openstack) wrote : Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/918959
Committed: https://opendev.org/starlingx/tools/commit/92a7721ef3a1086a60389c22ba2ecef774540c52
Submitter: "Zuul (22348)"
Branch: master

commit 92a7721ef3a1086a60389c22ba2ecef774540c52
Author: STX Builder <email address hidden>
Date: Tue May 7 06:31:49 2024 +0000

    Debian: glibc : fix multiple CVEs

    Upgrade libc6 to 2.31-13+deb11u10
    Upgrade libc6-dev to 2.31-13+deb11u10
    Upgrade libc-bin to 2.31-13+deb11u10
    Upgrade libc-dev-bin to 2.31-13+deb11u10
    Upgrade libc-l10n to 2.31-13+deb11u10
    Upgrade locales to 2.31-13+deb11u10
    Upgrade locales-all to 2.31-13+deb11u10

    Refer to:
    CVE-2024-33599: https://nvd.nist.gov/vuln/detail/CVE-2024-33599
    CVE-2024-33600: https://nvd.nist.gov/vuln/detail/CVE-2024-33600
    CVE-2024-33601: https://nvd.nist.gov/vuln/detail/CVE-2024-33601
    CVE-2024-33602: https://nvd.nist.gov/vuln/detail/CVE-2024-33602
    https://security-tracker.debian.org/tracker/DSA-5678-1

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

    Closes-bug: #2064862

    Change-Id: I17561b65fc8daae9173ff16b339c7bb97725efe3
    Signed-off-by: Wentao Zhang <email address hidden>

Changed in starlingx:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
