{"id":"MGASA-2021-0308","summary":"Updated glibc packages fix security vulnerability","details":"The mq_notify function in the GNU C Library (aka glibc) versions 2.32 and\n2.33 has a use-after-free. It may use the notification thread attributes\nobject (passed through its struct sigevent parameter) after it has been\nfreed by the caller, leading to a denial of service (application crash)\nor possibly unspecified other impact (CVE-2021-33574).\n\nOther fixes in this update:\n- fix triggers so ldconfig is always run on both installing and\n  uninstalling libs (mga#28797)\n- Fix SXID_ERASE behavior in setuid programs [BZ#27471]\n","modified":"2026-02-01T17:25:59.072589Z","published":"2021-06-30T23:58:41Z","related":["CVE-2021-33574"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0308.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=29142"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=28797"},{"type":"REPORT","url":"https://sourceware.org/bugzilla/show_bug.cgi?id=27471"}],"affected":[{"package":{"name":"glibc","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/glibc?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.32-16.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0308.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}