GNU C Library Security Update Advisory

Overview

We have released a security update to address a vulnerability in the GNU C Library. Users of affected products are advised to update to the latest version.

Affected Products

GNU C Library versions 2.39 or below

Resolved Vulnerabilities

The iconv() function in the GNU C Library could overflow the passed output buffer by up to four bytes when converting a string to the ISO-2022-CN-EXT character set (CVE-2024-2961).

Vulnerability Patches

Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to the latest patched version.

GNU C Library version 2.40 or later
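
A local check built on the version boundary above, added here as an example and not part of the original advisory: it compares the running glibc version with the affected range and reports whether the ISO-2022-CN-EXT converter is available. The function names are chosen for this example, and it assumes `getconf` and `iconv` are on the PATH.

```shell
#!/bin/sh
# Added example: local exposure check for CVE-2024-2961 using the advisory's
# version boundary (2.39 or below affected, 2.40 or later fixed).

# is_affected VERSION: exit 0 if VERSION is 2.39 or below, 1 if it is 2.40
# or later, 2 if VERSION is not in MAJOR.MINOR[.PATCH] form.
is_affected() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;
        *.*) ;;
        *) return 2 ;;
    esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    # Numeric comparison per component: "2.4" is minor 4, older than 2.40.
    if [ "$major" -lt 2 ]; then return 0; fi
    if [ "$major" -eq 2 ] && [ "$minor" -le 39 ]; then return 0; fi
    return 1
}

# glibc_version: print the running glibc version, or an empty line when the
# system libc is not glibc (getconf then has no GNU_LIBC_VERSION variable).
glibc_version() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || v=""
    printf '%s\n' "${v#glibc }"
}

# has_cn_ext: exit 0 if iconv lists the ISO-2022-CN-EXT converter.
has_cn_ext() {
    iconv -l 2>/dev/null | grep -q 'ISO-2022-CN-EXT'
}

report() {
    ver=$(glibc_version)
    if [ -z "$ver" ]; then echo "glibc not detected"; return 0; fi
    rc=0; is_affected "$ver" || rc=$?
    case $rc in
        0) echo "glibc $ver: in the affected range (2.39 or below)" ;;
        1) echo "glibc $ver: 2.40 or later" ;;
        *) echo "glibc $ver: version string not recognised" ;;
    esac
    if has_cn_ext; then echo "ISO-2022-CN-EXT converter: available"
    else echo "ISO-2022-CN-EXT converter: not listed"; fi
    return 0
}

report
```

Distribution packages commonly backport fixes without changing the upstream version number, so confirm a match against the vendor's own advisory.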

Referenced Sites

[1] CVE-2024-2961 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-2961

[2] ISO-2022-CN-EXT: fix out-of-bound writes when writing escape sequence

https://sourceware.org/git/?p=glibc.git;a=blob;f=advisories/GLIBC-SA-2024-0004