Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2024-0173)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2024.0173

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2024-0173)

Zusammenfassung: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2024-0173 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2024-0173 advisory.

Vulnerability Insight:
Stack-based buffer overflow in netgroup cache: If the Name Service Cache
Daemon's (nscd) fixed size cache is exhausted by client requests then a
subsequent client request for netgroup data may result in a stack-based
buffer overflow. (CVE-2024-33599)
Null pointer crashes after notfound response: If the Name Service Cache
Daemon's (nscd) cache fails to add a not-found netgroup response to the
cache, the client request can result in a null pointer dereference.
(CVE-2024-33600)
Netgroup cache may terminate daemon on memory allocation failure: The
Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or
xrealloc and these functions may terminate the process due to a memory
allocation failure resulting in a denial of service to the clients.
(CVE-2024-33601)
Netgroup cache assumes NSS callback uses in-buffer strings: The Name
Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the
NSS callback does not store all strings in the provided buffer.
(CVE-2024-33602)

Affected Software/OS:
'glibc' package(s) on Mageia 9.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2024-33599
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005
Common Vulnerability Exposure (CVE) ID: CVE-2024-33600
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006
Common Vulnerability Exposure (CVE) ID: CVE-2024-33601
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007
Common Vulnerability Exposure (CVE) ID: CVE-2024-33602
https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008

Copyright Copyright (C) 2024 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2024.0173
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2024-0173)
Zusammenfassung:	The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2024-0173 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'glibc' package(s) announced via the MGASA-2024-0173 advisory. Vulnerability Insight: Stack-based buffer overflow in netgroup cache: If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then a subsequent client request for netgroup data may result in a stack-based buffer overflow. (CVE-2024-33599) Null pointer crashes after notfound response: If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the cache, the client request can result in a null pointer dereference. (CVE-2024-33600) Netgroup cache may terminate daemon on memory allocation failure: The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xrealloc and these functions may terminate the process due to a memory allocation failure resulting in a denial of service to the clients. (CVE-2024-33601) Netgroup cache assumes NSS callback uses in-buffer strings: The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the NSS callback does not store all strings in the provided buffer. (CVE-2024-33602) Affected Software/OS: 'glibc' package(s) on Mageia 9. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2024-33599 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0005 Common Vulnerability Exposure (CVE) ID: CVE-2024-33600 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0006 Common Vulnerability Exposure (CVE) ID: CVE-2024-33601 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0007 Common Vulnerability Exposure (CVE) ID: CVE-2024-33602 https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0008
Copyright	Copyright (C) 2024 Greenbone AG