ELA-1119-1 glibc security update

nscd vulnerabilities

2024-06-30
Packageglibc
Version2.19-18+deb8u14 (jessie), 2.24-11+deb9u7 (stretch)
Related CVEs CVE-2024-33599 CVE-2024-33600 CVE-2024-33601 CVE-2024-33602


Multiple vulnerabilities have been fixed in the Name Service Cache Daemon that is built by the GNU C library and shipped in the nscd binary package.

CVE-2024-33599

nscd: Stack-based buffer overflow in netgroup cache

CVE-2024-33600

nscd: Null pointer crashes after notfound response

CVE-2024-33601

nscd: Daemon may terminate on memory allocation failure

CVE-2024-33602

nscd: Possible memory corruption


For Debian 8 jessie, these problems have been fixed in version 2.19-18+deb8u14.

For Debian 9 stretch, these problems have been fixed in version 2.24-11+deb9u7.

We recommend that you upgrade your glibc packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.