glibc: Multiple Vulnerabilities — GLSA 202405-17

Multiple vulnerabilities have been discovered in glibc, the worst of which could lead to remote code execution.

Affected packages

Package 	sys-libs/glibc on all architectures
Affected versions 	< 2.38-r13
Unaffected versions 	>= 2.38-r13

Background

glibc is a package that contains the GNU C library.

Description

Multiple vulnerabilities have been discovered in glibc. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All glibc users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-libs/glibc-2.38-r13"
 

References

    CVE-2024-2961
    CVE-2024-33599
    CVE-2024-33600
    CVE-2024-33601
    CVE-2024-33602
    GLIBC-SA-2024-0004
    GLIBC-SA-2024-0005
    GLIBC-SA-2024-0006
    GLIBC-SA-2024-0007
    GLIBC-SA-2024-0008