According to https://security-tracker.debian.org/tracker/CVE-2024-2961 we need to update glibc:
- in sagitta - from 2.36-9+deb12u4 to 2.36-9+deb12u6
- in equuleus - from 2.28-10+deb10u2 to 2.28-10+deb10u3
Description
Details
- Version
- VyOS 1.3.6, VyOS 1.4.0-epa2
- Is it a breaking change?
- Perfectly compatible
- Issue type
- Security vulnerability
Event Timeline
Fixed
```
vyos@r1-right:~$ show version all | match "GNU C L"
ii libc-bin 2.28-10+deb10u3 amd64 GNU C Library: Binaries
ii libc-l10n 2.28-10+deb10u3 all GNU C Library: localization files
ii libc6:amd64 2.28-10+deb10u3 amd64 GNU C Library: Shared libraries
ii locales 2.28-10+deb10u3 all GNU C Library: National Language (locale) data [support]
vyos@r1-right:~$
vyos@r1-right:~$ show version
Version: VyOS 1.3-stable-202405090514
Release train: equuleus
```
For 1.4 also fixed
```
vyos@r1-right:~$ show version all | match "GNU C L"
ii libc-bin 2.36-9+deb12u7 amd64 GNU C Library: Binaries
ii libc-l10n 2.36-9+deb12u7 all GNU C Library: localization files
ii libc6:amd64 2.36-9+deb12u7 amd64 GNU C Library: Shared libraries
ii locales 2.36-9+deb12u7 all GNU C Library: National Language (locale) data [support]
vyos@r1-right:~$
vyos@r1-right:~$ show ver
Version: VyOS 1.4-stable-202405090309
Release train: sagitta
```