Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Fedora 42: FEDORA-2025-851644b160 critical: glibc string vulnerabilities

fedora
Calendar Grey June 24, 2025
Dist Fedora Esm H88
Fedora 42 release introduces vital patches for two significant string manipulation vulnerabilities along with important fixes for TLS management related bugs.
This update addresses two string function vulnerabilities specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745) and fixes a bug in TLS management when auditors are used (rhbz...

Summary

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

Update Information:

This update addresses two string function vulnerabilities specific to POWER10 machines (CVE-2025-5702, CVE-2025-5745) and fixes a bug in TLS management when auditors are used (rhbz#2330213).

Topics%20covered

Topics Covered

security advisory fedora critical string functions power10 TLS management

Change Log

* Fri Jun 20 2025 Florian Weimer - 2.41-7 - Auto-sync with upstream branch release/2.41/master, commit 6e489c17f827317bcf8544efefa65f13b5a079dc: - ppc64le: Revert "powerpc: Optimized strcmp for power10" (CVE-2025-5702) - ppc64le: Revert "powerpc : Add optimized memchr for POWER10" (Bug 33059) - ppc64le: Revert "powerpc: Fix performance issues of strcmp power10" (CVE-2025-5702) - ppc64le: Revert "powerpc: Optimized strncmp for power10" (CVE-2025-5745) - elf: Keep using minimal malloc after early DTV resize (bug 32412) - nptl: Fix pthread_getattr_np when modules with execstack are allowed (BZ 32897)

References


[ 1 ] Bug #2330213 - ld.so calls realloc on a DTV which wasn't allocated with malloc https://bugzilla.redhat.com/show_bug.cgi?id=2330213 [ 2 ] Bug #2370507 - CVE-2025-5702 glibc: From CVEorg collector [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370507 [ 3 ] Bug #2370512 - CVE-2025-5745 glibc: From CVEorg collector [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2370512

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2025-851644b160' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: glibc
Product: Fedora 42
Version: 2.41
Release: 7.fc42
URL: http://www.gnu.org/software/glibc/
Summary: The GNU libc libraries

Topics%20covered

Topics Covered

security advisory fedora critical string functions power10 TLS management

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here