Alerts This Week
Warning Icon 1 640
Alerts This Week
Warning Icon 1 640

openSUSE Leap 16.0 ID 2026-20133-1 glibc Serious Memory Corruption Bugs

opensuse
Calendar Grey February 3, 2026
Dist Opensuse Esm H88
Update resolves 4 important issues in glibc with various bug fixes for openSUSE Leap 16.0 systems. Install now!
An update that solves 4 vulnerabilities and has 5 bug fixes can now be installed.

Description

This update for glibc fixes the following issues:

Security fixes:

- CVE-2025-0395: Fixed buffer overflow in the assert() function (bsc#1236282).

- CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256766).

- CVE-2026-0915: Fixed uninitialized stack buffer used as DNS query name when net==0 in _nss_dns_getnetbyaddr_r (bsc#1256822).

- CVE-2025-15281: Fixed uninitialized memory may cause the process abort (bsc#1257005).

Other fixes:

- NPTL: Optimize trylock for high cache contention workloads (bsc#1256436)

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-218=1

Patch

Package List

- openSUSE Leap 16.0:

cross-aarch64-glibc-devel-2.40-160000.3.1

cross-ppc64le-glibc-devel-2.40-160000.3.1

cross-riscv64-glibc-devel-2.40-160000.3.1

cross-s390x-glibc-devel-2.40-160000.3.1

glibc-2.40-160000.3.1

glibc-devel-2.40-160000.3.1

glibc-devel-static-2.40-160000.3.1

glibc-extra-2.40-160000.3.1

glibc-gconv-modules-extra-2.40-160000.3.1

glibc-html-2.40-160000.3.1

glibc-i18ndata-2.40-160000.3.1

glibc-info-2.40-160000.3.1

glibc-lang-2.40-160000.3.1

glibc-locale-2.40-160000.3.1

glibc-locale-base-2.40-160000.3.1

glibc-profile-2.40-160000.3.1

glibc-utils-2.40-160000.3.1

References

* bsc#1236282

* bsc#1256436

* bsc#1256766

* bsc#1256822

* bsc#1257005

References:

* https://www.suse.com/security/cve/CVE-2025-0395.html

* https://www.suse.com/security/cve/CVE-2025-15281.html

* https://www.suse.com/security/cve/CVE-2026-0861.html

* https://www.suse.com/security/cve/CVE-2026-0915.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20133-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here