UbuntuUpdates.org

Package "nscd"

Name: nscd

Description:

GNU C Library: Name Service Cache Daemon

Latest version: 2.31-0ubuntu9.16
Release: focal (20.04)
Level: updates
Repository: universe
Head package: glibc
Homepage: https://www.gnu.org/software/libc/libc.html


Other versions of "nscd" in Focal

Repository Area Version
base universe 2.31-0ubuntu9
security universe 2.31-0ubuntu9.16

Changelog

Version: 2.31-0ubuntu9.16 2024-05-29 18:08:15 UTC

  glibc (2.31-0ubuntu9.16) focal-security; urgency=medium

  * SECURITY UPDATE: Stack-based buffer overflow
    - debian/patches/CVE-2024-33599.patch: CVE-2024-33599: nscd: Stack-
      based buffer overflow in netgroup cache.
    - CVE-2024-33599
  * SECURITY UPDATE: Null pointer
    - debian/patches/CVE-2024-33600_1.patch: CVE-2024-33600: nscd: Avoid
      null pointer crashes after notfound response.
    - debian/patches/CVE-2024-33600_2.patch: CVE-2024-33600: nscd: Do
      not send missing not-found response in addgetnetgrentX.
    - CVE-2024-33600
  * SECURITY UPDATE: Memory corruption
    - debian/patches/CVE-2024-33601_33602.patch: CVE-2024-33601, CVE-
      2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX.
    - CVE-2024-33601
    - CVE-2024-33602

 -- Paulo Flabiano Smorigo <email address hidden> Tue, 30 Apr 2024 15:20:18 -0300

CVE-2024-33599 nscd: Stack-based buffer overflow in netgroup cache. If the Name Service Cache Daemon's (nscd) fixed size cache is exhausted by client requests then
CVE-2024-33600 nscd: Null pointer crashes after notfound response. If the Name Service Cache Daemon's (nscd) cache fails to add a not-found netgroup response to the
CVE-2024-33601 nscd: netgroup cache may terminate daemon on memory allocation failure. The Name Service Cache Daemon's (nscd) netgroup cache uses xmalloc or xreallo
CVE-2024-33602 nscd: netgroup cache assumes NSS callback uses in-buffer strings. The Name Service Cache Daemon's (nscd) netgroup cache can corrupt memory when the N

Version: 2.31-0ubuntu9.15 2024-04-18 15:07:17 UTC

  glibc (2.31-0ubuntu9.15) focal-security; urgency=medium

  * SECURITY UPDATE: OOB write in iconv plugin ISO-2022-CN-EXT
    - debian/patches/any/CVE-2024-2961.patch: fix out-of-bound writes when
      writing escape sequence in iconvdata/Makefile,
      iconvdata/iso-2022-cn-ext.c, iconvdata/tst-iconv-iso-2022-cn-ext.c.
    - CVE-2024-2961

 -- Marc Deslauriers <email address hidden> Tue, 16 Apr 2024 09:43:50 -0400

CVE-2024-2961 The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting string

Version: 2.31-0ubuntu9.14 2023-12-07 18:07:03 UTC

  glibc (2.31-0ubuntu9.14) focal-security; urgency=medium

  * SECURITY UPDATE: use-after-free through getcanonname_r plugin call
    - debian/patches/any/CVE-2023-4806.patch: copy h_name over and free it at
      the end (getaddrinfo).
    - CVE-2023-4806
  * SECURITY UPDATE: use-after-free in gaih_inet function
    - debian/patches/any/CVE-2023-4813.patch: simplify allocations and fix
      merge and continue actions.
    - CVE-2023-4813
  * debian/testsuite-xfail-debian.mk: add tst-nss-gai-actions and
    tst-nss-gai-hv2-canonname to xfails (container tests).

 -- Camila Camargo de Matos <email address hidden> Wed, 22 Nov 2023 10:32:50 -0300

CVE-2023-4806 A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an applicatio
CVE-2023-4813 A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. Th

Version: 2.31-0ubuntu9.12 2023-10-02 18:06:53 UTC

  glibc (2.31-0ubuntu9.12) focal; urgency=medium

  * Drop SVE memcpy implementation due to kernel-related performance
    regression


Version: 2.31-0ubuntu9.9 2022-05-11 04:06:22 UTC

  glibc (2.31-0ubuntu9.9) focal; urgency=medium

  * Disable testsuite on riscv64. It is failing maths tests intermittently in
    ways that cannot be a glibc regression and is disabled in later series
    anyway.



