An update for glibc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2023-1688 Final 1.0 1.0 2023-09-28 Initial 2023-09-28 2023-09-28 openEuler SA Tool V1.0 2023-09-28 glibc security update An update for glibc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more. Security Fix(es): A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags.(CVE-2023-4806) A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge.(CVE-2023-4813) A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash.(CVE-2023-5156) An update for glibc is now available for openEuler-20.03-LTS-SP1,openEuler-20.03-LTS-SP3,openEuler-22.03-LTS,openEuler-22.03-LTS-SP1 and openEuler-22.03-LTS-SP2. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High glibc https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1688 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4806 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-4813 https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-5156 https://nvd.nist.gov/vuln/detail/CVE-2023-4806 https://nvd.nist.gov/vuln/detail/CVE-2023-4813 https://nvd.nist.gov/vuln/detail/CVE-2023-5156 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 glibc-compat-2.17-2.28-97.oe1.aarch64.rpm glibc-debugutils-2.28-97.oe1.aarch64.rpm glibc-debuginfo-2.28-97.oe1.aarch64.rpm glibc-locale-source-2.28-97.oe1.aarch64.rpm glibc-debugsource-2.28-97.oe1.aarch64.rpm nscd-2.28-97.oe1.aarch64.rpm libnsl-2.28-97.oe1.aarch64.rpm nss_modules-2.28-97.oe1.aarch64.rpm glibc-2.28-97.oe1.aarch64.rpm glibc-devel-2.28-97.oe1.aarch64.rpm glibc-all-langpacks-2.28-97.oe1.aarch64.rpm glibc-benchtests-2.28-97.oe1.aarch64.rpm glibc-nss-devel-2.28-97.oe1.aarch64.rpm glibc-common-2.28-97.oe1.aarch64.rpm glibc-debugutils-2.28-97.oe1.aarch64.rpm glibc-nss-devel-2.28-97.oe1.aarch64.rpm glibc-all-langpacks-2.28-97.oe1.aarch64.rpm glibc-2.28-97.oe1.aarch64.rpm libnsl-2.28-97.oe1.aarch64.rpm nscd-2.28-97.oe1.aarch64.rpm glibc-locale-source-2.28-97.oe1.aarch64.rpm nss_modules-2.28-97.oe1.aarch64.rpm glibc-devel-2.28-97.oe1.aarch64.rpm glibc-common-2.28-97.oe1.aarch64.rpm glibc-debuginfo-2.28-97.oe1.aarch64.rpm glibc-benchtests-2.28-97.oe1.aarch64.rpm glibc-compat-2.17-2.28-97.oe1.aarch64.rpm glibc-debugsource-2.28-97.oe1.aarch64.rpm glibc-compat-2.17-2.34-136.oe2203.aarch64.rpm nss_modules-2.34-136.oe2203.aarch64.rpm glibc-common-2.34-136.oe2203.aarch64.rpm glibc-debugsource-2.34-136.oe2203.aarch64.rpm glibc-nss-devel-2.34-136.oe2203.aarch64.rpm nscd-2.34-136.oe2203.aarch64.rpm glibc-locale-archive-2.34-136.oe2203.aarch64.rpm glibc-all-langpacks-2.34-136.oe2203.aarch64.rpm glibc-debugutils-2.34-136.oe2203.aarch64.rpm glibc-devel-2.34-136.oe2203.aarch64.rpm glibc-2.34-136.oe2203.aarch64.rpm glibc-locale-source-2.34-136.oe2203.aarch64.rpm glibc-debuginfo-2.34-136.oe2203.aarch64.rpm libnsl-2.34-136.oe2203.aarch64.rpm glibc-compat-2.17-2.34-136.oe2203sp1.aarch64.rpm glibc-debugutils-2.34-136.oe2203sp1.aarch64.rpm nss_modules-2.34-136.oe2203sp1.aarch64.rpm nscd-2.34-136.oe2203sp1.aarch64.rpm glibc-common-2.34-136.oe2203sp1.aarch64.rpm glibc-debugsource-2.34-136.oe2203sp1.aarch64.rpm glibc-devel-2.34-136.oe2203sp1.aarch64.rpm glibc-debuginfo-2.34-136.oe2203sp1.aarch64.rpm glibc-locale-source-2.34-136.oe2203sp1.aarch64.rpm glibc-all-langpacks-2.34-136.oe2203sp1.aarch64.rpm libnsl-2.34-136.oe2203sp1.aarch64.rpm glibc-nss-devel-2.34-136.oe2203sp1.aarch64.rpm glibc-locale-archive-2.34-136.oe2203sp1.aarch64.rpm glibc-2.34-136.oe2203sp1.aarch64.rpm glibc-nss-devel-2.34-136.oe2203sp2.aarch64.rpm glibc-common-2.34-136.oe2203sp2.aarch64.rpm glibc-locale-source-2.34-136.oe2203sp2.aarch64.rpm nss_modules-2.34-136.oe2203sp2.aarch64.rpm glibc-debugutils-2.34-136.oe2203sp2.aarch64.rpm libnsl-2.34-136.oe2203sp2.aarch64.rpm glibc-locale-archive-2.34-136.oe2203sp2.aarch64.rpm nscd-2.34-136.oe2203sp2.aarch64.rpm glibc-2.34-136.oe2203sp2.aarch64.rpm glibc-debugsource-2.34-136.oe2203sp2.aarch64.rpm glibc-compat-2.17-2.34-136.oe2203sp2.aarch64.rpm glibc-devel-2.34-136.oe2203sp2.aarch64.rpm glibc-debuginfo-2.34-136.oe2203sp2.aarch64.rpm glibc-all-langpacks-2.34-136.oe2203sp2.aarch64.rpm glibc-help-2.28-97.oe1.noarch.rpm glibc-help-2.28-97.oe1.noarch.rpm glibc-help-2.34-136.oe2203.noarch.rpm glibc-help-2.34-136.oe2203sp1.noarch.rpm glibc-help-2.34-136.oe2203sp2.noarch.rpm glibc-2.28-97.oe1.src.rpm glibc-2.28-97.oe1.src.rpm glibc-2.34-136.oe2203.src.rpm glibc-2.34-136.oe2203sp1.src.rpm glibc-2.34-136.oe2203sp2.src.rpm glibc-all-langpacks-2.28-97.oe1.x86_64.rpm glibc-debugutils-2.28-97.oe1.x86_64.rpm glibc-debuginfo-2.28-97.oe1.x86_64.rpm glibc-common-2.28-97.oe1.x86_64.rpm glibc-benchtests-2.28-97.oe1.x86_64.rpm glibc-compat-2.17-2.28-97.oe1.x86_64.rpm glibc-devel-2.28-97.oe1.x86_64.rpm glibc-nss-devel-2.28-97.oe1.x86_64.rpm glibc-debugsource-2.28-97.oe1.x86_64.rpm nscd-2.28-97.oe1.x86_64.rpm glibc-2.28-97.oe1.x86_64.rpm glibc-locale-source-2.28-97.oe1.x86_64.rpm libnsl-2.28-97.oe1.x86_64.rpm nss_modules-2.28-97.oe1.x86_64.rpm glibc-devel-2.28-97.oe1.x86_64.rpm glibc-compat-2.17-2.28-97.oe1.x86_64.rpm libnsl-2.28-97.oe1.x86_64.rpm glibc-debugutils-2.28-97.oe1.x86_64.rpm glibc-benchtests-2.28-97.oe1.x86_64.rpm glibc-all-langpacks-2.28-97.oe1.x86_64.rpm glibc-nss-devel-2.28-97.oe1.x86_64.rpm nscd-2.28-97.oe1.x86_64.rpm glibc-2.28-97.oe1.x86_64.rpm glibc-locale-source-2.28-97.oe1.x86_64.rpm glibc-common-2.28-97.oe1.x86_64.rpm glibc-debugsource-2.28-97.oe1.x86_64.rpm glibc-debuginfo-2.28-97.oe1.x86_64.rpm nss_modules-2.28-97.oe1.x86_64.rpm nss_modules-2.34-136.oe2203.x86_64.rpm glibc-debuginfo-2.34-136.oe2203.x86_64.rpm glibc-common-2.34-136.oe2203.x86_64.rpm glibc-compat-2.17-2.34-136.oe2203.x86_64.rpm glibc-locale-source-2.34-136.oe2203.x86_64.rpm glibc-debugutils-2.34-136.oe2203.x86_64.rpm glibc-debugsource-2.34-136.oe2203.x86_64.rpm glibc-2.34-136.oe2203.x86_64.rpm nscd-2.34-136.oe2203.x86_64.rpm glibc-devel-2.34-136.oe2203.x86_64.rpm glibc-all-langpacks-2.34-136.oe2203.x86_64.rpm glibc-locale-archive-2.34-136.oe2203.x86_64.rpm glibc-nss-devel-2.34-136.oe2203.x86_64.rpm libnsl-2.34-136.oe2203.x86_64.rpm glibc-locale-archive-2.34-136.oe2203sp1.x86_64.rpm glibc-2.34-136.oe2203sp1.x86_64.rpm glibc-nss-devel-2.34-136.oe2203sp1.x86_64.rpm glibc-locale-source-2.34-136.oe2203sp1.x86_64.rpm glibc-debugsource-2.34-136.oe2203sp1.x86_64.rpm nscd-2.34-136.oe2203sp1.x86_64.rpm glibc-common-2.34-136.oe2203sp1.x86_64.rpm glibc-devel-2.34-136.oe2203sp1.x86_64.rpm glibc-all-langpacks-2.34-136.oe2203sp1.x86_64.rpm glibc-debuginfo-2.34-136.oe2203sp1.x86_64.rpm glibc-debugutils-2.34-136.oe2203sp1.x86_64.rpm nss_modules-2.34-136.oe2203sp1.x86_64.rpm glibc-compat-2.17-2.34-136.oe2203sp1.x86_64.rpm libnsl-2.34-136.oe2203sp1.x86_64.rpm glibc-compat-2.17-2.34-136.oe2203sp2.x86_64.rpm glibc-debuginfo-2.34-136.oe2203sp2.x86_64.rpm glibc-common-2.34-136.oe2203sp2.x86_64.rpm glibc-nss-devel-2.34-136.oe2203sp2.x86_64.rpm glibc-locale-archive-2.34-136.oe2203sp2.x86_64.rpm glibc-locale-source-2.34-136.oe2203sp2.x86_64.rpm glibc-2.34-136.oe2203sp2.x86_64.rpm glibc-debugutils-2.34-136.oe2203sp2.x86_64.rpm libnsl-2.34-136.oe2203sp2.x86_64.rpm glibc-all-langpacks-2.34-136.oe2203sp2.x86_64.rpm glibc-devel-2.34-136.oe2203sp2.x86_64.rpm nscd-2.34-136.oe2203sp2.x86_64.rpm glibc-debugsource-2.34-136.oe2203sp2.x86_64.rpm nss_modules-2.34-136.oe2203sp2.x86_64.rpm A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an application crash. This issue is only exploitable when a NSS module implements only the _nss_*_gethostbyname2_r and _nss_*_getcanonname_r hooks without implementing the _nss_*_gethostbyname3_r hook. The resolved name should return a large number of IPv6 and IPv4, and the call to the getaddrinfo function should have the AF_INET6 address family with AI_CANONNAME, AI_ALL and AI_V4MAPPED as flags. 2023-09-28 CVE-2023-4806 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 High 7.5 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H glibc security update 2023-09-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1688 A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue or SUCCESS=merge. 2023-09-28 CVE-2023-4813 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 Medium 5.9 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H glibc security update 2023-09-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1688 A flaw was found in the GNU C Library. A recent fix for CVE-2023-4806 introduced the potential for a memory leak, which may result in an application crash. 2023-09-28 CVE-2023-5156 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP3 openEuler-22.03-LTS openEuler-22.03-LTS-SP1 openEuler-22.03-LTS-SP2 Low 3.7 AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H glibc security update 2023-09-28 https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1688