sgerrand / alpine-pkg-glibc

A glibc compatibility layer package for Alpine Linux

Update to glibc 2.34 #162

Closed HeikoH closed 3 years ago

HeikoH commented 3 years ago

An update to 2.34 would be much appreciated, given it addresses some CVEs:

CVE-2021-27645: The nameserver caching daemon (nscd), when processing a request for netgroup lookup, may crash due to a double-free, potentially resulting in degraded service or Denial of Service on the local system. Reported by Chris Schanzle.

CVE-2021-33574: The mq_notify function has a potential use-after-free issue when using a notification type of SIGEV_THREAD and a thread attribute with a non-default affinity mask.

CVE-2021-35942: The wordexp function may overflow the positional parameter number when processing the expansion resulting in a crash. Reported by Philippe Antoine.

sgerrand commented 3 years ago

Thanks for the reminder! I'll release v2.34 tomorrow. 👌