File _patchinfo of Package patchinfo.33620

<patchinfo incident="33620">
  <issue tracker="cve" id="2024-33601"/>
  <issue tracker="cve" id="2024-33599"/>
  <issue tracker="cve" id="2024-33600"/>
  <issue tracker="cve" id="2024-33602"/>
  <issue tracker="bnc" id="1223424">VUL-0: CVE-2024-33600: glibc: null pointer dereference after failed netgroup cache insertion</issue>
  <issue tracker="bnc" id="1223423">VUL-0: CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache</issue>
  <issue tracker="bnc" id="1223425">VUL-0: CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings</issue>
  <issue tracker="bnc" id="1221940">Partner-L3: Update in glibc-devel-2.31-150300.52.2 causes performance regression on Sapphire Rapids CPU for glibc compiled benchmarking tests</issue>
  <packager>gbelinassi</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for glibc</summary>
  <description>This update for glibc fixes the following issues:

- CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423)
- CVE-2024-33600: Avoid null pointer crashes after notfound response in nscd (bsc#1223424)
- CVE-2024-33600: Do not send missing not-found response in addgetnetgrentX in nscd (bsc#1223424)
- CVE-2024-33601, CVE-2024-33602: Fixed use of two buffers in addgetnetgrentX ( bsc#1223425)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)

- Avoid creating userspace live patching prologue for _start routine (bsc#1221940)

</description>
</patchinfo>