File _patchinfo of Package patchinfo.33857
<patchinfo incident="33857">
<issue tracker="cve" id="2024-33601"/>
<issue tracker="cve" id="2024-33602"/>
<issue tracker="cve" id="2024-2961"/>
<issue tracker="cve" id="2024-33600"/>
<issue tracker="cve" id="2024-33599"/>
<issue tracker="bnc" id="1223424">VUL-0: CVE-2024-33600: glibc: null pointer dereference after failed netgroup cache insertion</issue>
<issue tracker="bnc" id="1223425">VUL-0: CVE-2024-33602: glibc: netgroup cache assumes NSS callback uses in-buffer strings</issue>
<issue tracker="bnc" id="1223423">VUL-0: CVE-2024-33599: glibc: stack-based buffer overflow in netgroup cache</issue>
<issue tracker="bnc" id="1222992">VUL-0: CVE-2024-2961: glibc: iconv() function in the GNU C Library may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set</issue>
<packager>Andreas_Schwab</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for glibc</summary>
<description>This update for glibc fixes the following issues:
- nscd: Release read lock after resetting timeout
- nscd: Fix use-after-free in addgetnetgrentX (BZ #23520)
- CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bsc#1223423, BZ #31677)
- CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bsc#1223424, BZ #31678)
- CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bsc#1223424, BZ #31678)
- CVE-2024-33601, CVE-2024-33602: netgroup: Use two buffers in addgetnetgrentX (bsc#1223425, BZ #31680)
- CVE-2024-33602: Use time_t for return type of addgetnetgrentX (bsc#1223425)
- CVE-2024-2961: iconv: ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence (bsc#1222992)
</description>
</patchinfo>