
Debian 11 Glibc Critical Memory Management Issues DLA-4621-1

Debian LTS, June 8, 2026
Latest Debian LTS advisory DLA-4621-1 addresses critical glibc security issues. Immediate upgrade recommended.
Several vulnerabilities have been discovered in the GNU C Library, the C standard library implementation used by Debian

Summary

CVE-2025-8058

posix: Fix double-free after allocation failure in regcomp

The regcomp function in GNU C Library versions 2.4 to 2.41 is
subject to a double free if a previous allocation fails. The
allocation failure can come either from a genuine malloc failure or
from an interposed malloc that injects random malloc failures. The
double free can allow buffer manipulation, depending on how the regex
is constructed. This issue affects all architectures and ABIs
supported by the GNU C Library.

CVE-2025-15281

posix: Reset wordexp_t fields with WRDE_REUSE

Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the
GNU C Library version 2.0 to version 2.42 may cause the interface to
return uninitialized memory in the we_wordv member, which on
subsequent calls to wordfree may abort the process.
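
For application code that has to run before the fixed package is installed, one way to keep the WRDE_REUSE plus WRDE_APPEND combination out of reach is to never pass WRDE_REUSE at all and release the vector explicitly. This is an added example, not code from the advisory or from glibc; `wexp_ctx`, `wexp_release` and `wexp_expand` are hypothetical names and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical wrapper (not a glibc API): tracks whether `we` owns a vector. */
typedef struct {
    wordexp_t we;
    int live;                   /* 1 while we.we_wordv must be released */
} wexp_ctx;

/* Free any held vector and return the struct to a known all-zero state. */
void wexp_release(wexp_ctx *c)
{
    if (c->live)
        wordfree(&c->we);
    memset(&c->we, 0, sizeof c->we);
    c->live = 0;
}

/* Expand `words`; append != 0 adds to the current vector, otherwise it is
 * replaced. WRDE_REUSE is never forwarded to glibc: replacement is an explicit
 * wordfree() plus zeroing, so the REUSE|APPEND combination from CVE-2025-15281
 * cannot be reached here. Returns wordexp()'s status (0 on success). */
int wexp_expand(wexp_ctx *c, const char *words, int flags, int append)
{
    flags &= ~(WRDE_REUSE | WRDE_APPEND);
    if (append && c->live)
        flags |= WRDE_APPEND;   /* only onto a vector known to be valid */
    else
        wexp_release(c);        /* start from a zeroed wordexp_t */
    int rc = wordexp(words, &c->we, flags);
    if (rc == 0 || rc == WRDE_NOSPACE)
        c->live = 1;            /* WRDE_NOSPACE may leave partial results */
    if (rc != 0 && !(flags & WRDE_APPEND))
        wexp_release(c);        /* failed replace: drop everything */
    return rc;
}

int main(void)
{
    wexp_ctx c;
    memset(&c, 0, sizeof c);
    wexp_expand(&c, "alpha beta", 0, 0);            /* constructed input */
    wexp_expand(&c, "gamma", WRDE_REUSE, 1);        /* REUSE is stripped */
    for (size_t i = 0; i < c.we.we_wordc; i++)
        puts(c.we.we_wordv[i]);
    wexp_release(&c);
    return 0;
}
```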

CVE-2026-0861

memalign: reinstate alignment overflow check

Passing too large an alignment to the memalign suite of functions



Severity: critical

Package: glibc
Version: 2.31-13+deb11u14
CVE ID: CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915
Debian Bug: 1109803 1125678 1125748 1126266 1132499
