USN-6804-1: GNU C Library vulnerabilities

Releases

• Ubuntu 24.04 LTS
• Ubuntu 23.10
• Ubuntu 22.04 LTS
• Ubuntu 20.04 LTS
• Ubuntu 18.04 ESM
• Ubuntu 16.04 ESM

Packages

• glibc - GNU C Library

Details

It was discovered that GNU C Library nscd daemon contained a stack-based buffer
overflow. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33599)

It was discovered that GNU C Library nscd daemon did not properly check the
cache content, leading to a null pointer dereference vulnerability. A local
attacker could use this to cause a denial of service (system crash).
(CVE-2024-33600)

It was discovered that GNU C Library nscd daemon did not properly validate
memory allocation in certain situations, leading to a null pointer dereference
vulnerability. A local attacker could use this to cause a denial of service
(system crash). (CVE-2024-33601)

It was discovered that GNU C Library nscd daemon did not properly handle memory
allocation, which could lead to memory corruption. A local attacker could use
this to cause a denial of service (system crash). (CVE-2024-33602)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 24.04

• nscd - 2.39-0ubuntu8.2

Ubuntu 23.10

• nscd - 2.38-1ubuntu6.3

Ubuntu 22.04

• nscd - 2.35-0ubuntu3.8

Ubuntu 20.04

• nscd - 2.31-0ubuntu9.16

Ubuntu 18.04

• nscd - 2.27-3ubuntu1.6+esm3
  Available with Ubuntu Pro

Ubuntu 16.04

• nscd - 2.23-0ubuntu11.3+esm7
  Available with Ubuntu Pro

After a standard system update you need to restart nscd to make
all the necessary changes.

References

• CVE-2024-33601
• CVE-2024-33599
• CVE-2024-33600
• CVE-2024-33602