Fedora 39: glibc 2024-df41d584d0 Security Advisory Updates
Summary
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
Update Information:
Auto-sync with upstream branch release/2.38/master Add BuildRequires:gzip for compressed character maps and info files. Upstream commit: 4dd8641461463b667b5503ab0ea4abcf261378a9 Add crt1-2.0.o for glibc 2.0 compatibility tests libio: Attempt wide backup free only for non-legacy code nptl: Use facilities in tst-setuid3 posix: Use facilities in tst-truncate and tst-truncate64 ungetc: Fix backup buffer leak on program exit [BZ #27821] ungetc: Fix uninitialized read when putting into unused streams [BZ #27821] Make tst-ungetc use libsupport stdio-common: Add test for vfscanf with matches longer than INT_MAX [BZ #27650] support: Add FAIL test failure helper x86: Fix bug in strchrnul-evex512 [BZ #32078] Fix name space violation in fortify wrappers (bug 32052) resolv: Fix tst-resolv-short-response for older GCC (bug 32042) Update syscall lists for Linux 6.5 Add mremap tests mremap: Update manual entry linux: Update the mremap C implementation [BZ #31968] resolv: Track single-request fallback via _res._flags (bug 31476) resolv: Do not wait for non-existing second DNS response after error (bug 30081) resolv: Allow short error responses to match any query (bug 31890) Linux: Make __rseq_size useful for feature detection (bug 31965) elf: Make dl-rseq-symbols Linux only nptl: fix potential merge of __rseq_* relro symbols s390x: Fix segfault in wcsncmp [BZ #31934] misc: Add support for Linux uio.h RWF_NOAPPEND flag i386: Disable Intel Xeon Phi tests for GCC 15 and above (BZ 31782) Force DT_RPATH for --enable-hardcoded-path-in-tests resolv: Fix some unaligned accesses in resolver [BZ #30750] nscd: Use time_t for return type of addgetnetgrentX elf: Also compile dl-misc.os with $(rtld-early-cflags) CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) i386: ulp update for SSE2 --disable-multi-arch configurations nptl: Fix tst-cancel30 on kernels without ppoll_time64 support login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701) login: Check default sizes of structs utmp, utmpx, lastlog sparc: Remove 64 bit check on sparc32 wordsize (BZ 27574)
Change Log
* Thu Oct 10 2024 Carlos O'Donell
References
Fedora Update Notification FEDORA-2024-df41d584d0 2024-10-28 01:03:30.677266 Name : glibc Product : Fedora 39 Version : 2.38 Release : 19.fc39 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-df41d584d0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label