MiracleLinux 8 : glibc-2.28-164.el8 (AXSA:2021-2585:08)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2021-2585:08 advisory. glibc: Arbitrary read in wordexp CVE-2021-35942 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c CVE-2021-27645 glibc: mqnotify...

K43700555: GNU C Library (glibc) vulnerability CVE-2021-33574

Security Advisory Description The mqnotify function in the GNU C Library aka glibc versions 2.32 and 2.33 has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service...

glibc: mq_notify does not handle separately allocated thread attributes

The mqnotify function in the GNU C Library aka glibc has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly unspecified other impact...

CLSA-2021-1629395067 Fix of CVE: CVE-2021-33574, CVE-2021-35942, CVE-2021-38604

Adopt pthreadattrcopy functionality, test case is included - CVE-2021-33574: avoid use-after-free vulnerability - CVE-2021-35942: avoid out-of-bounds read via signed integer overflow in array index - CVE-2021-38604: considered. No NULL pointer dereference is possible...

CVE-2021-33574

The mqnotify function in the GNU C Library aka glibc has a use-after-free. It may use the notification thread attributes object passed through its struct sigevent parameter after it has been freed by the caller, leading to a denial of service application crash or possibly unspecified other impact...