
33 matches found

OSV
added 6 days ago · 6 views

RLSA-2026:20587 Moderate: glibc security update

The glibc packages provide the standard C libraries libc, POSIX thread libraries libpthread, standard math libraries libm, and the name service cache daemon nscd used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fixes: glibc:...

CVSS 5.3 · AI score 5.9 · EPSS 0.0008
Exploits 1 · References 2

OSV
added 2026/05/22 1:18 p.m. · 1 view

OESA-2026-2409 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

CVSS 9.8 · AI score 5.9 · EPSS 0.00073
Exploits 2 · References 3

Tenable Nessus
added 2026/04/21 12:00 a.m. · 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-5358

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The obsolete nislocalprincipal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to...

AI score 5.9 · EPSS 0.0004
Exploits 0 · References 2

CVE
added 2026/04/20 8:37 p.m. · 16 views

CVE-2026-5928

CVE-2026-5928 affects glibc’s ungetwc on FILE streams with wide characters where overlaps between single-byte and multi-byte encodings occur, in version 2.43 or earlier. A bug in the wide character pushback (_IO_wdefault_pbackfail) causes ungetwc() to operate on the regular input buffer (fp->_...

CVSS 7.5 · AI score 6 · EPSS 0.00068
Exploits 1 · References 1 · Affected Software 1

RedhatCVE
added 2026/03/23 7:03 a.m. · 1 view

CVE-2026-4438

A flaw was found in the GNU C library glibc. When applications use the gethostbyaddr or gethostbyaddr_r functions with a nsswitch.conf configuration that specifies glibc's DNS backend, the library may return an invalid DNS hostname. This violates the DNS specification and could lead to application...

CVSS 5.4 · AI score 5.6 · EPSS 0.00066
Exploits 1 · References 4

Cvelist
added 2026/03/20 7:59 p.m. · 22 views

CVE-2026-4437 gethostbyaddr and gethostbyaddr_r may incorrectly handle DNS response

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that causes the...

EPSS 0.00089
Exploits 1 · References 1

ATTACKERKB
added 2026/03/11 1:19 p.m. · 0 views

CVE-2026-3904

Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. The nscd client in the...

CVSS 6.2 · AI score 5.8 · EPSS 0.00016
Exploits 1 · References 5 · Affected Software 1

UbuntuCve
added 2026/01/20 2:16 p.m. · 2 views

CVE-2025-15281

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process...

CVSS 7.5 · AI score 5.8 · EPSS 0.0009
Exploits 0 · References 3

CVE
added 2026/01/20 1:22 p.m. · 28 views

CVE-2025-15281

CVE-2025-15281 concerns the GNU C Library (glibc). The issue arises when wordexp is used with WRDE_REUSE together with WRDE_APPEND, which can cause we_wordv to be returned with uninitialized memory. On subsequent wordfree calls this memory state may trigger a process abort. The CVE is reflected i...

CVSS 7.5 · AI score 5.3 · EPSS 0.0009
Exploits 0 · References 2 · Affected Software 1

Tenable Nessus
added 2025/08/26 12:00 a.m. · 3 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2025:02964-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02964-1 advisory. - CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965) Tenable has extracted...

CVSS 5.9 · AI score 6.5 · EPSS 0.00027
Exploits 0 · References 5

OSV
added 2025/06/05 8:15 p.m. · 2 views

DEBIAN-CVE-2025-5745

The strncmp implementation optimized for the Power10 processor in the GNU C Library version 2.40 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its...

CVSS 5.6 · AI score 5.3 · EPSS 0.00255
Exploits 0 · References 1

CNNVD
added 2024/06/14 12:00 a.m. · 2 views

GNU libcdio security vulnerability

GNU libcdio is a library developed by the GNU Project for accessing CD-ROMs and CD images, and is mainly used to handle CD-ROM file system reading, directory structure parsing and other functions. A buffer overflow vulnerability exists in GNU libcdio, which can be exploited by an attacker to...

CVSS 8.4 · AI score 7.8 · EPSS 0.00082
Exploits 1 · References 3

OSV
added 2024/05/02 12:45 p.m. · 2 views

USN-6762-1 eglibc, glibc vulnerabilities

It was discovered that GNU C Library incorrectly handled netgroup requests. An attacker could possibly use this issue to cause a crash or execute arbitrary code. This issue only affected Ubuntu 14.04 LTS. CVE-2014-9984 It was discovered that GNU C Library might allow context-dependent attackers t...

CVSS 9.8 · AI score 7.6 · EPSS 0.91924
Exploits 20 · References 7

CNVD
added 2023/09/27 12:00 a.m. · 1 view

GNU C Library Memory Leak Vulnerability

GNU C Library is a C standard library implemented by the GNU project to provide underlying API support for the Linux system, encapsulating basic functions such as file operations, memory management, and process control. A memory leak vulnerability exists in GNU C Library, which can be exploited b...

CVSS 7.5 · AI score 6.6 · EPSS 0.00053
Exploits 0 · References 1

OpenVAS
added 2023/03/08 12:00 a.m. · 20 views

Debian: Security Advisory (DLA-476-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

CVSS 7.5 · AI score 7.7 · EPSS 0.00827
Exploits 0 · References 2

SUSE CVE
added 2023/02/15 4:16 a.m. · 1 view

SUSE CVE-2019-6488

The string component in the GNU C Library (aka glibc or libc6) through 2.28, when running on the x32 architecture, incorrectly attempts to use a 64-bit register for size_t in assembly codes, which can lead to a segmentation fault or possibly unspecified other impact, as demonstrated by a crash in...

CVSS 7.8 · AI score 8.4 · EPSS 0.00149
Exploits 0 · References 3

OSV
added 2022/01/14 7:15 a.m. · 0 views

AZL-7486 CVE-2022-23218 affecting package glibc for versions less than 2.35-1

The deprecated compatibility function svcunix_create in the sunrpc module of the GNU C Library (aka glibc) through 2.34 copies its path argument on the stack without validating its length, which may result in a buffer overflow, potentially resulting in a denial of service or if an application is not...

CVSS 9.8 · AI score 7.2 · EPSS 0.00515
Exploits 1 · References 1

CNNVD
added 2021/11/15 12:00 a.m. · 1 view

Gnu Multiple Precision Arithmetic Library input validation error vulnerability

Gnu Multiple Precision Arithmetic Library Gmp is a free library for arbitrary precision arithmetic from the Gnu Project. It is used to perform arithmetic on signed integers, rational numbers and floating point numbers. A security vulnerability exists in GNU Multiple Precision Arithmetic Library G...

CVSS 7.5 · AI score 7.6 · EPSS 0.0046
Exploits 1 · References 16

Positive Technologies
added 2021/09/15 12:00 a.m. · 2 views

PT-2021-7355 · Gnu +8 · Gmp +8

Name of the Vulnerable Software and Affected Versions: GNU Multiple Precision Arithmetic Library GMP versions through 6.2.1 Description: The issue is related to an integer overflow and resultant buffer overflow in the mpz/inp_raw.c component of the GNU Multiple Precision Arithmetic Library GMP on...

CVSS 7.8 · AI score 7.3 · EPSS 0.0046
Exploits 1 · References 72

Microsoft CVE
added 2020/08/18 7:00 a.m. · 1 view

A use-after-free vulnerability introduced in glibc upstream version 2.14 was found in the way the tilde expansion was carried out. Directory paths containing an initial tilde followed by a valid username were affected by this issue. A local attacker could exploit this flaw by creating a specially crafted path that when processed by the glob function would potentially lead to arbitrary code execution. This was fixed in version 2.32.

...

CVSS 7 · AI score 7 · EPSS 0.00149
Exploits 0