Home / mailingsPDF  

[SECURITY] [DSA 5673-1] glibc security update

Posted on 23 April 2024
Debian Security Advisory

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5673-1 security@debian.org
https://www.debian.org/security/ Salvatore Bonaccorso
April 23, 2024 https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package : glibc
CVE ID : CVE-2024-2961
Debian Bug : 1069191

Charles Fol discovered that the iconv() function in the GNU C library is
prone to a buffer overflow vulnerability when converting strings to the
ISO-2022-CN-EXT character set, which may lead to denial of service
(application crash) or the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.31-13+deb11u9.

For the stable distribution (bookworm), this problem has been fixed in
version 2.36-9+deb12u6.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org

 

TOP