drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Ausführen beliebiger Kommandos in glibc
Name: |
Ausführen beliebiger Kommandos in glibc |
|
ID: |
FEDORA-2024-9be1b94714 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 39 |
|
Datum: |
Sa, 20. April 2024, 14:58 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2961 |
|
Applikationen: |
GNU C library |
|
Originalnachricht |
------------------------------------------------------------------------------- - Fedora Update Notification FEDORA-2024-9be1b94714 2024-04-20 01:02:39.396098 ------------------------------------------------------------------------------- -
Name : glibc Product : Fedora 39 Version : 2.38 Release : 18.fc39 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
------------------------------------------------------------------------------- - Update Information:
This update includes several bug fixes from the upstream glibc release branch, including a fix for CVE-2024-2961. ------------------------------------------------------------------------------- - ChangeLog:
* Thu Apr 18 2024 Arjun Shankar <arjun@redhat.com> - 2.38-18 - Auto-sync with upstream branch release/2.38/master, commit e1135387deded5d73924f6ca20c72a35dc8e1bda: - iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (CVE-2024-2961) - powerpc: Fix ld.so address determination for PCREL mode (bug 31640) - AArch64: Check kernel version for SVE ifuncs - aarch64: fix check for SVE support in assembler - aarch64: correct CFI in rawmemchr (bug 31113) - AArch64: Remove Falkor memcpy - AArch64: Add memset_zva64 - AArch64: Cleanup emag memset - AArch64: Cleanup ifuncs - AArch64: Add support for MOPS memcpy/memmove/memset - Add HWCAP2_MOPS from Linux 6.5 to AArch64 bits/hwcap.h - LoongArch: Correct {__ieee754, _}_scalb -> {__ieee754, _}_scalbf ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #2275855 - CVE-2024-2961 glibc: Out of bounds write in iconv may lead to remote code execution [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2275855 ------------------------------------------------------------------------------- -
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-9be1b94714' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
|
|
|
|