OESA-2026-2489 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2026-2412 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2026-2410 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

OESA-2026-2409 glibc security update

The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational...

SUSE-SU-2026:21688-1 Security update for glibc

This update for glibc fixes the following issues - CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application bsc1261206. - CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width 1024 bsc1262465. - CVE-2026-5928: libio: ungetwc...

Fedora 43 : glibc (2026-4b7780802c)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-4b7780802c advisory. This update provides various security fixes. Buffer overflow in scanf %mc CVE-2026-5450 nssprintrrf buffer overreads CVE-2026-6238 nssprintrrf buffe...

SUSE CVE-2026-5450

Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...

DEBIAN-CVE-2026-5450

Calling the scanf family of functions with a %mc malloc'd character match in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow...

kill_sntsd.pl

I noticed an uncommon scanf overflow in the Simple Network Time Sync daemon and client version 1.0, tested on Redhat 6.1. I haven't looked into this fully yet, but it looks as tho it could be root comprimising as it sits on a priveledged udp port and seems to coredump, but looks like it only give...