This update for glibc fixes the following issues
- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).
- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).
- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-761=1
- openSUSE Leap 16.0:
cross-aarch64-glibc-devel-2.40-160000.5.1
cross-ppc64le-glibc-devel-2.40-160000.5.1
cross-riscv64-glibc-devel-2.40-160000.5.1
cross-s390x-glibc-devel-2.40-160000.5.1
glibc-2.40-160000.5.1
glibc-devel-2.40-160000.5.1
glibc-devel-static-2.40-160000.5.1
glibc-extra-2.40-160000.5.1
glibc-gconv-modules-extra-2.40-160000.5.1
glibc-html-2.40-160000.5.1
glibc-i18ndata-2.40-160000.5.1
glibc-info-2.40-160000.5.1
glibc-lang-2.40-160000.5.1
glibc-locale-2.40-160000.5.1
glibc-locale-base-2.40-160000.5.1
glibc-profile-2.40-160000.5.1
glibc-utils-2.40-160000.5.1
* bsc#1261206
* bsc#1262464
* bsc#1262465
References:
* https://www.suse.com/security/cve/CVE-2026-4046.html
* https://www.suse.com/security/cve/CVE-2026-5450.html
* https://www.suse.com/security/cve/CVE-2026-5928.html
Get the latest Linux and open source security news straight to your inbox.