31 matches found

NVD
added 2026/03/20 8:16 p.m. | 2 views

CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.4 CVSS | 0.00066 EPSS
Exploits 1 | References 1
OSV
added 2026/03/20 8:16 p.m. | 0 views

UBUNTU-CVE-2026-4438

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification...

5.4 CVSS | 5.8 AI score | 0.00066 EPSS
Exploits 1 | References 3
CVE
added 2026/01/15 10:8 p.m. | 13 views

CVE-2026-0915

CVE-2026-0915 concerns glibc’s DNS handling: uninitialized stack buffer used as DNS query name when net==0 can leak stack contents to the DNS resolver. Connected advisories indicate affected packages (glibc) with fixes in versions >= 2.35-9 (e.g., SUSE/OpenSUSE, Ubuntu, Rocky Linux, AlmaLinux,...

7.5 CVSS | 6.4 AI score | 0.00023 EPSS
Exploits 0 | References 2 | Affected Software 1
Redos
added 2025/07/07 12:0 a.m. | 6 views

ROS-20250707-06

A vulnerability in the sudo system administration program is related to insufficient implementation of security measures when sudo is run with the -h (--host) option. Exploiting the vulnerability could allow an attacker to elevate their...

9.3 CVSS | 9.9 AI score | 0.57345 EPSS
Exploits 76
GithubExploit
added 2025/07/02 11:47 a.m. | 328 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

CVE-2025-32463 Local Privilege Escalation in Sudo via Maliciou...

9.3 CVSS | 9.2 AI score | 0.57345 EPSS
Exploits 69
OSV
added 2025/06/30 9:15 p.m. | 8 views

CVE-2025-32463

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option...

7.8 CVSS | 6.7 AI score | 0.57345 EPSS
Exploits 76 | References 17
CVE
added 2025/06/30 12:0 a.m. | 504 views

CVE-2025-32463

CVE-2025-32463 affects the sudo utility prior to 1.9.17p1. The vulnerability arises when /etc/nsswitch.conf is sourced from a user-controlled directory via the --chroot option, enabling local users to obtain root access. Connected sources also describe related behavior where a sudoers entry that ...

9.3 CVSS | 6.6 AI score | 0.57345 EPSS
In wild | Exploits 69 | References 17 | Affected Software 1
EUVD
added 2025/06/30 12:0 a.m. | 3 views

EUVD-2025-19673

Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled directory is used with the --chroot option...

9.3 CVSS | 5.8 AI score | 0.57345 EPSS
Exploits 76 | References 15
Oracle Linux
added 2024/05/23 12:0 a.m. | 364 views

systemd security update

239-82.0.1 - Fixed deletion issue for symlink when device is opened Orabug: 36228608 - Fix local-fs and remote-fs targets during system boot replaces old Orabug: 25897792 Orabug: 35871376 - 1A Add 'systemd-fstab-generator-reload-targets.service' file Orabug: 35871376 - 1B Add required rpms for...

5.9 CVSS | 6.8 AI score | 0.05624 EPSS
Exploits 4
OSV
added 2024/02/23 3:15 p.m. | 3 views

AZL-43501 CVE-2024-25629 affecting package python-pycares 3.1.1-3

c-ares is a C library for asynchronous DNS requests. ares__read_line is used to parse local configuration files such as /etc/resolv.conf, /etc/nsswitch.conf, the HOSTALIASES file, and if using a c-ares version prior to 1.27.0, the /etc/hosts file. If any of these configuration files has an embedded...

5.5 CVSS | 6.8 AI score | 0.00055 EPSS
Exploits 0 | References 1
Tenable Nessus
added 2024/01/16 12:0 a.m. | 28 views

EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-3212)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash...

5.9 CVSS | 6.3 AI score | 0.00304 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/01/16 12:0 a.m. | 25 views

EulerOS Virtualization 2.10.0 : glibc (EulerOS-SA-2023-3471)

According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an...

5.9 CVSS | 6.3 AI score | 0.00304 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2024/01/16 12:0 a.m. | 28 views

EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-3330)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an extremely rare situation, the getaddrinfo function may access memory that has been freed, resulting in an...

7.5 CVSS | 6.3 AI score | 0.01895 EPSS
Exploits 0 | References 4
Tenable Nessus
added 2024/01/16 12:0 a.m. | 21 views

EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-3177)

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash...

5.9 CVSS | 6.3 AI score | 0.00304 EPSS
Exploits 0 | References 2
Tenable Nessus
added 2023/10/10 12:0 a.m. | 52 views

Oracle Linux 8 : glibc (ELSA-2023-5455)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2023-5455 advisory. - CVE-2023-4527: Stack read overflow in getaddrinfo in no-aaa mode. - CVE-2023-4813: potential use-after-free in gaih_inet RHEL-2435. Tenable has...

7.8 CVSS | 7 AI score | 0.69916 EPSS
Exploits 26 | References 5
NVD
added 2023/09/12 10:15 p.m. | 19 views

CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

5.9 CVSS | 6.6 AI score | 0.00304 EPSS
Exploits 0 | References 8
Prion
added 2023/09/12 10:15 p.m. | 22 views

Design/Logic Flaw

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue...

2.6 CVSS | 6.4 AI score | 0.00304 EPSS
Exploits 0 | References 7 | Affected Software 10
UbuntuCve
added 2023/09/12 10:15 p.m. | 30 views

CVE-2023-4813

A flaw has been identified in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with...

5.9 CVSS | 6.6 AI score | 0.00304 EPSS
Exploits 0 | References 4
RedhatCVE
added 2023/09/12 2:54 p.m. | 27 views

CVE-2023-4813

A flaw was found in glibc. In an uncommon situation, the gaih_inet function may use memory that has been freed, resulting in an application crash. This issue is only exploitable when the getaddrinfo function is called and the hosts database in /etc/nsswitch.conf is configured with SUCCESS=continue...

5.9 CVSS | 6.3 AI score | 0.00304 EPSS
Exploits 0 | References 3
Oracle Linux
added 2020/05/05 12:0 a.m. | 57 views

glibc security, bug fix, and enhancement update

2.28-101.0.1 - add Ampere emag to tunable cpu list Patrick McGehearty - add optimized memset for emag - add an ASIMD variant of strlen for falkor - Orabug: 2700101. - Modify glibc-ora28849085.patch so it works with RHCK kernels. - Orabug: 28849085. - Make IOfunlockfile match funlockfile and...

3.3 CVSS | 5.6 AI score | 0.00015 EPSS
Exploits 0