GNU glibc Library Security Update Advisory (CVE-2023-6246)
Overview
An update has been made available to fix vulnerabilities in the GNU glibc library. Users of affected versions are advised to update to the latest version.
Affected Products
GNU glibc library versions 2.36 and later, prior to 2.39
Resolved Vulnerabilities
Heap buffer overflow vulnerability in the __vsyslog_internal function in the GNU glibc library (CVE-2023-6246)
Vulnerability Patches
Vulnerability patches were made available in the February 1, 2024 update. Follow the instructions on the referenced sites to update to the latest patched version.
GNU glibc library version 2.39
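To check hosts against the affected range above (2.36 or later, earlier than 2.39), the following shell functions are an added example, not part of the original advisory or of glibc; the function names and the sample inventory are constructed for illustration. Distribution packages can carry a backported fix without changing the upstream version number, so an "affected" result means the vendor advisory for that package still needs to be checked.

```sh
#!/bin/sh
# Added example: classify glibc versions against this advisory's range
# (2.36 or later, earlier than 2.39). Function names are illustrative.

# Prints "affected", "not-affected" or "unknown" for strings such as
# "2.37", "glibc 2.36" (getconf style) or "2.38-5" (package style).
glibc_cve_2023_6246_status() {
    # Extract the first major.minor pair; anything after it is ignored.
    ver=$(printf '%s\n' "$1" |
        sed -n 's/^[^0-9]*\([0-9][0-9]*\)\.\([0-9][0-9]*\).*$/\1 \2/p')
    [ -n "$ver" ] || { echo unknown; return 0; }
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -eq 2 ] && [ "$minor" -ge 36 ] && [ "$minor" -lt 39 ]; then
        echo affected
    else
        echo not-affected
    fi
}

# Reads "host version-string" lines on stdin, prints hosts in the range.
affected_hosts() {
    while read -r host version; do
        [ -n "$host" ] || continue
        if [ "$(glibc_cve_2023_6246_status "$version")" = affected ]; then
            echo "$host"
        fi
    done
}

# Status of the local system; non-glibc systems report "unknown".
local_glibc_status() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null) || v=""
    glibc_cve_2023_6246_status "$v"
}

# Constructed sample inventory (host names and version strings are made up).
SAMPLE_INVENTORY='web01 2.35-0ubuntu3
db01 glibc 2.36
build02 2.38-5
edge03 2.39'

printf '%s\n' "$SAMPLE_INVENTORY" | affected_hosts
echo "local system: $(local_glibc_status)"
```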
Referenced Sites
[1] CVE-2023-6246 Detail
https://nvd.nist.gov/vuln/detail/CVE-2023-6246
[2] glibc syslog() Heap-Based Buffer Overflow
https://packetstormsecurity.com/files/176932/glibc-syslog-Heap-Based-Buffer-Overflow.html
[3] Bug 2249053 (CVE-2023-6246) – CVE-2023-6246 glibc: heap-based buffer overflow in __vsyslog_internal()
https://bugzilla.redhat.com/show_bug.cgi?id=2249053
[4] CVE-2023-6246
https://access.redhat.com/security/cve/CVE-2023-6246
[5] CVE-2023-6246
https://ubuntu.com/security/CVE-2023-6246