[SECURITY] [DSA 5673-1] glibc security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5673-1] glibc security update
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Tue, 23 Apr 2024 07:10:31 +0000
Message-id: <[🔎] E1rzAIR-006fHo-MM@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5673-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
April 23, 2024                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : glibc
CVE ID         : CVE-2024-2961
Debian Bug     : 1069191

Charles Fol discovered that the iconv() function in the GNU C library is
prone to a buffer overflow vulnerability when converting strings to the
ISO-2022-CN-EXT character set, which may lead to denial of service
(application crash) or the execution of arbitrary code.

For the oldstable distribution (bullseye), this problem has been fixed
in version 2.31-13+deb11u9.

For the stable distribution (bookworm), this problem has been fixed in
version 2.36-9+deb12u6.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAmYnXlRfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0QQVQ//SFTCEazXKFiaeBQD+lGr4ROP2/rSm0WE682g+Xz7HVLJkLtNyLd7Y4SA
MVNQDlKntGM//MMQiIUsTGxc4Hq/HgMYVvhXZTlmwRaayTUlJ5jY704vrzMbyaTo
iK+88z8SrPwGlHvzzzpNx4/pN8uQYNIK7oLrvCv5ng50Lnh1jBxBTXuEgZQtMq7m
Wlo8B+nAaZQKpxHJK+ilNx9kT0g6au4FD+KXzyISBwz4KBEqb10fToHYzl/Wf209
boG9CAbn/rgTM0/wvXb3kDPc3k6yDk+6NI9NVqXSHzkpvbtBJxNi/crnR1Mu7KAh
MGqKC9pq6t8zL9v6YV9lGuL/dFBOg+bihsZ3dVyX0B6PDqvmRyZ5lDGZKiiS2jWT
RxWoEnM9JdzADd6bbJTICNbFgKNIzmcSxPgfS6/wRp0R679wrq+jhxhAhSNN1ozh
dQciRKiLfguTTI4HTRH42frSdXRFue4W48s7LS+Fy0oAaxUza5QNrsFgP9tPBFKl
t9ehi3sXqzWTD+Tl51np1dc3yOW9xq0btlUejy0W1L6q6POKIkRrNllVczWJixOA
UwuWY4u6zrcX1wgDRSmUsG8k4seHoH7EpfTIaaQ4qgPGalG+9r6ZrMApUS0eOVzd
ure7Qo7w6w/UGRxCsuU7pToZlkiHwOlimd7lAGqNMJwofDKbc8k=
=8z2B
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5672-1] openjdk-17 security update
Next by Date: [SECURITY] [DSA 5674-1] pdns-recursor security update
Previous by thread: [SECURITY] [DSA 5672-1] openjdk-17 security update
Next by thread: [SECURITY] [DSA 5674-1] pdns-recursor security update
Index(es):
- Date
- Thread