RLSA-2021:1585 --- glibc | ID: oval:org.secpod.oval:def:4501339 | Date: (C)2023-04-03 (M)2024-04-17 |
Class: PATCH | Family: unix |
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix:
* glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding
* glibc: regular-expression match via proceed_next_node in posix/regexec.c leads to heap-based buffer over-read
* glibc: assertion failure in ISO-2022-JP-3 gconv module related to combining characters
* glibc: iconv program can hang when invoked with the -c option
* glibc: iconv when processing invalid multi-byte input sequences fails to advance the input state, which could result in an infinite loop

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Additional Changes: For detailed information on changes in this release, see the Rocky Linux 8.4 Release Notes linked from the References section.
Product: |
glibc |
compat-libpthread-nonshared |
libnsl |
nscd |
nss_db |
nss_hesiod |