Headline
Ubuntu Security Notice USN-6804-1
Ubuntu Security Notice 6804-1 - It was discovered that GNU C Library nscd daemon contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service. It was discovered that GNU C Library nscd daemon did not properly check the cache content, leading to a null pointer dereference vulnerability. A local attacker could use this to cause a denial of service.
==========================================================================
Ubuntu Security Notice USN-6804-1
May 31, 2024
glibc vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 23.10
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GNU C Library.
Software Description:
- glibc: GNU C Library
Details:
It was discovered that GNU C Library nscd daemon contained a stack-based buffer
overflow. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33599)
It was discovered that GNU C Library nscd daemon did not properly check the
cache content, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2024-33600)
It was discovered that GNU C Library nscd daemon did not properly validate
memory allocation in certain situations, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33601)
It was discovered that GNU C Library nscd daemon did not properly handle memory
allocation, which could lead to memory corruption. A local attacker could use
this to cause a denial of service (system crash). (CVE-2024-33602)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
nscd 2.39-0ubuntu8.2
Ubuntu 23.10
nscd 2.38-1ubuntu6.3
Ubuntu 22.04 LTS
nscd 2.35-0ubuntu3.8
Ubuntu 20.04 LTS
nscd 2.31-0ubuntu9.16
Ubuntu 18.04 LTS
nscd 2.27-3ubuntu1.6+esm3
Available with Ubuntu Pro
Ubuntu 16.04 LTS
nscd 2.23-0ubuntu11.3+esm7
Available with Ubuntu Pro
After a standard system update you need to restart nscd to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6804-1
CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602
Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.2
https://launchpad.net/ubuntu/+source/glibc/2.38-1ubuntu6.3
https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.8
https://launchpad.net/ubuntu/+source/glibc/2.31-0ubuntu9.16
Related news
Red Hat Security Advisory 2024-3464-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3464-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3464-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3464-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3423-03 - An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3423-03 - An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3423-03 - An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3423-03 - An update for glibc is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3344-03 - An update for glibc is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2024-3344-03 - An update for glibc is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2024-3344-03 - An update for glibc is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2024-3344-03 - An update for glibc is now available for Red Hat Enterprise Linux 8. Issues addressed include buffer overflow and null pointer vulnerabilities.
Red Hat Security Advisory 2024-3339-03 - An update for glibc is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3339-03 - An update for glibc is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3339-03 - An update for glibc is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-3339-03 - An update for glibc is now available for Red Hat Enterprise Linux 9. Issues addressed include buffer overflow, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-2799-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-2799-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-2799-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Red Hat Security Advisory 2024-2799-03 - An update for glibc is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include buffer overflow, code execution, null pointer, and out of bounds write vulnerabilities.
Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.
Debian Linux Security Advisory 5678-1 - Several vulnerabilities were discovered in nscd, the Name Service Cache Daemon in the GNU C library which may lead to denial of service or the execution of arbitrary code.