Lucene search
K

Debian dla-4621 : glibc-doc - security update

🗓️ 08 Jun 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 15 Views

Debian glibc security update DLA-4621-1 fixes several issues in the GNU C Library

Related
Refs
Code
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory dla-4621. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('compat.inc');

if (description)
{
  script_id(319637);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/08");

  script_cve_id(
    "CVE-2025-8058",
    "CVE-2025-15281",
    "CVE-2026-0861",
    "CVE-2026-0915",
    "CVE-2026-4046"
  );
  script_xref(name:"IAVA", value:"2025-A-0549-S");
  script_xref(name:"IAVA", value:"2026-A-0102");

  script_name(english:"Debian dla-4621 : glibc-doc - security update");

  script_set_attribute(attribute:"synopsis", value:
"The remote Debian host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the
dla-4621 advisory.

    - -------------------------------------------------------------------------
    Debian LTS Advisory DLA-4621-1                [email protected]
    https://www.debian.org/lts/security/                     Arnaud Rebillout
    June 08, 2026                                 https://wiki.debian.org/LTS
    - -------------------------------------------------------------------------

    Package        : glibc
    Version        : 2.31-13+deb11u14
    CVE ID         : CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915
                     CVE-2026-4046
    Debian Bug     : 1109803 1125678 1125748 1126266 1132499

    Several vulnerabilities have been discovered in the GNU C Library, the C
    standard library implementation used by Debian.

    CVE-2025-8058

        posix: Fix double-free after allocation failure in regcomp

        The regcomp function in the GNU C library version from 2.4 to 2.41 is
        subject to a double free if some previous allocation fails. It can be
        accomplished either by a malloc failure or by using an interposed
        malloc that injects random malloc failures. The double free can allow
        buffer manipulation depending of how the regex is constructed. This
        issue affects all architectures and ABIs supported by the GNU C
        library.

    CVE-2025-15281

        posix: Reset wordexp_t fields with WRDE_REUSE

        Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the
        GNU C Library version 2.0 to version 2.42 may cause the interface to
        return uninitialized memory in the we_wordv member, which on
        subsequent calls to wordfree may abort the process.

    CVE-2026-0861

        memalign: reinstate alignment overflow check

        Passing too large an alignment to the memalign suite of functions
        (memalign, posix_memalign, aligned_alloc) in the GNU C Library version
        2.30 to 2.42 may result in an integer overflow, which could
        consequently result in a heap corruption. Note that the attacker must
        have control over both, the size as well as the alignment arguments of
        the memalign function to be able to exploit this. The size parameter
        must be close enough to PTRDIFF_MAX so as to overflow size_t along
        with the large alignment argument. This limits the malicious inputs
        for the alignment for memalign to the range [1<<62+ 1, 1<<63] and
        exactly 1<<63 for posix_memalign and aligned_alloc. Typically the
        alignment argument passed to such functions is a known constrained
        quantity (e.g. page size, block size, struct sizes) and is not
        attacker controlled, because of which this may not be easily
        exploitable in practice. An application bug could potentially result
        in the input alignment being too large, e.g. due to a different buffer
        overflow or integer overflow in the application or its dependent
        libraries, but that is again an uncommon usage pattern given typical
        sources of alignments.

    CVE-2026-0915

        resolv: Fix NSS DNS backend for getnetbyaddr

        Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf
        that specifies the library's DNS backend for networks and queries for
        a zero-valued network in the GNU C Library version 2.0 to version 2.42
        can leak stack contents to the configured DNS resolver.

    CVE-2026-4046

        iconvdata: Use pending character state in IBM1390, IBM1399 character sets

        The iconv() function in the GNU C Library versions 2.43 and earlier
        may crash due to an assertion failure when converting inputs from the
        IBM1390 or IBM1399 character sets, which may be used to remotely crash
        an application. This vulnerability can be trivially mitigated by
        removing the IBM1390 and IBM1399 character sets from systems that do
        not need them.

    For Debian 11 bullseye, these problems have been fixed in version
    2.31-13+deb11u14.

    We recommend that you upgrade your glibc packages.

    For the detailed security status of glibc please refer to
    its security tracker page at:
    https://security-tracker.debian.org/tracker/glibc

    Further information about Debian LTS security advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://wiki.debian.org/LTS

Tenable has extracted the preceding description block directly from the Debian security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/source-package/glibc");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-15281");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2025-8058");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-0861");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-0915");
  script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2026-4046");
  script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/bullseye/glibc");
  script_set_attribute(attribute:"solution", value:
"Upgrade the glibc-doc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-0915");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-0861");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-8058");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/03/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/06/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:glibc-source");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-dev-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-devtools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc-l10n");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-amd64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-dev-x32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-i386");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-udeb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-x32");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libc6-xen");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:locales-all");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Debian Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}

include('debian_package.inc');

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

var debian_release = get_kb_item('Host/Debian/release');
if ( isnull(debian_release) ) audit(AUDIT_OS_NOT, 'Debian');
debian_release = chomp(debian_release);
if (! preg(pattern:"^(11)\.[0-9]+", string:debian_release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + debian_release);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);

var pkgs = [
    {'release': '11.0', 'prefix': 'glibc-doc', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'glibc-source', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc-bin', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc-dev-bin', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc-devtools', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc-l10n', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-amd64', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-dbg', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-dev', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-dev-amd64', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-dev-i386', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-dev-x32', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-i386', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-udeb', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-x32', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'libc6-xen', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'locales', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'locales-all', 'reference': '2.31-13+deb11u14'},
    {'release': '11.0', 'prefix': 'nscd', 'reference': '2.31-13+deb11u14'}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var _release = NULL;
  var prefix = NULL;
  var reference = NULL;
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (_release && prefix && reference) {
    if (deb_check(release:_release, prefix:prefix, reference:reference)) flag++;
  }
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : deb_report_get()
  );
  exit(0);
}
else
{
  var tested = deb_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'glibc-doc / glibc-source / libc-bin / libc-dev-bin / libc-devtools / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

08 Jun 2026 00:00Current
7High risk
Vulners AI Score7
CVSS 3.18.4
CVSS 45.9
EPSS0.00564
SSVC
15