Important Security Update for Rocky LTS Users

CIQ is pleased to announce a recent update to our security measures that reinforces our commitment to proactively maintaining the reliability and security of your systems. Recently, our team identified potential vulnerabilities in the glibc (the C runtime library). Acting swiftly, we developed and deployed patches to ensure your systems remain protected against these threats.

The patch deployment for Rocky 9.2 LTS (glibc-2.34) was completed on April 29 and Rocky 8.6/8.8 LTS (glibc-2.28) on May 3.

CVE Details and Impact

• CVE-2024-2961: CVSS 8.8 - Important
• CVE-2024-33599: CVSS 7.6 - Important
• CVE-2024-33600: CVSS 5.3 - Moderate
• CVE-2024-33601 & CVE-2024-33602: CVSS 4.0 - Low

Patch Availability

The patches for these vulnerabilities are available immediately if you’re subscribed to CIQ’s LTS offering. We encourage you to update your systems promptly to protect against these vulnerabilities. These patches are also publicly available in our GitHub Repository, and if you’re subscribed to LTS via Mountain, these patches are available by doing a dnf update. If you are not subscribed to our LTS offering and would like to receive updates like this, please contact csm-help@ciq.com.

If you have any questions or require further assistance, our support team is ready to help at any time and can be reached at support@ciq.com. Thank you for trusting us to help keep your systems secure!