[Deepin Integration]~[V23-Release] fix: CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602 by UTsweetyfish@deepin-community/glibc by deepin-community-ci-bot[bot]

[deepin-bot]

Package information | 软件包信息

包名	版本
glibc	2.38-6deepin3

Package repository address | 软件包仓库地址

deb [trusted=yes] https://ci.deepin.com/repo/obs/deepin:/CI:/TestingIntegration:/test-integration-pr-1369/testing/ ./

Changelog | 更新信息

glibc (2.38-6deepin3) unstable; urgency=medium

• debian/patches/git-updates.diff: update from upstream stable branch.
  • Fix a stack-based buffer overflow in nscd netgroup cache
    (CVE-2024-33599).
  • Fix a null pointer dereferences in nscd after failed netgroup cache
    insertion (CVE-2024-33600).
  • Fix a DoS in nscd in case of memory allocation failure (CVE-2024-33601).
  • Fix a memory corruption in nscd when the underlying NSS callback
    function does not use the buffer space to store all strings
    (CVE-2024-33602).

[deepin-bot]

Integration Test Info

Test suggestion | 测试建议

cve漏洞修复 详情查看一楼的changelog

Influence | 影响范围

安全漏洞

ADDITIONAL INFORMATION | 额外补充

[deepin-bot]

IntegrationProjector Notify the author
@UTsweetyfish: Integrated issue updated

[deepin-bot]

IntegrationProjector Bot
Deepin Testing Integration Project Manager Info
Link to deepin-community/Repository-Integration#1369

[babyfengfjx]

@kobe337 请开展集成验证。

[kobe337]

(CVE-2024-33599). 修复 nscd 网络组缓存中基于堆栈的缓冲区溢出
上游公告： 在 glibc 网络组缓存中发现基于堆栈的缓冲区溢出缺陷。在某些情况下，它可能会触发基于堆栈的缓冲区溢出情况，这可能导致溢出类攻击。经过查看上游给出的代码修复补丁，核对本次更新的代码通过。

[kobe337]

通过核对修复代码，校验通过。CVE-2024-33600

[kobe337]

CVE-2024-33601和CVE-2024-33602，查看上游修复代码，校验通过

[kobe337]

【环境】：
镜像：https://cdimage.uniontech.com/community/releases/23-Beta3/
仓库：提测单仓库
内核：Linux deepinb3-PC 6.6.25-amd64-desktop-hwe #23.01.00.25 SMP PREEMPT_DYNAMIC Wed Apr 10 21:20:25 CST 2024 x86_64 GNU/Linux

【结论】：
更新至20240430测试通过，暂无严重问题及影响，核对提测cve漏洞patch通过，安装校验、版本核对