This update for glibc fixes the following issues:
Security fixes:
- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).
- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).
- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).
- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).
Other fixes:
- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-218=1
- openSUSE Leap 16.0:
cross-aarch64-glibc-devel-2.40-160000.3.1
cross-ppc64le-glibc-devel-2.40-160000.3.1
cross-riscv64-glibc-devel-2.40-160000.3.1
cross-s390x-glibc-devel-2.40-160000.3.1
glibc-2.40-160000.3.1
glibc-devel-2.40-160000.3.1
glibc-devel-static-2.40-160000.3.1
glibc-extra-2.40-160000.3.1
glibc-gconv-modules-extra-2.40-160000.3.1
glibc-html-2.40-160000.3.1
glibc-i18ndata-2.40-160000.3.1
glibc-info-2.40-160000.3.1
glibc-lang-2.40-160000.3.1
glibc-locale-2.40-160000.3.1
glibc-locale-base-2.40-160000.3.1
glibc-profile-2.40-160000.3.1
glibc-utils-2.40-160000.3.1
* bsc#1236282
* bsc#1256436
* bsc#1256766
* bsc#1256822
* bsc#1257005
References:
* https://www.suse.com/security/cve/CVE-2025-0395.html
* https://www.suse.com/security/cve/CVE-2025-15281.html
* https://www.suse.com/security/cve/CVE-2026-0861.html
* https://www.suse.com/security/cve/CVE-2026-0915.html
Get the latest Linux and open source security news straight to your inbox.