openSUSE Leap 16.0 glibc Important Heap Overflow Denial of Service 20764-1

opensuse
May 19, 2026
Critical security update for openSUSE Leap 16.0 fixing glibc vulnerabilities including heap overflow and data leak issues.
An update that solves 3 vulnerabilities and has 3 bug fixes can now be installed.

Description

This update for glibc fixes the following issues:

- CVE-2026-4046: assertion failure when converting inputs may be used to remotely crash an application (bsc#1261206).

- CVE-2026-5450: stdio-common: scanf %mc pattern will cause heap overflow when width > 1024 (bsc#1262465).

- CVE-2026-5928: libio: ungetwc could be used to leak data on special conditions (bsc#1262464).

Patch instructions:

To install this openSUSE security update, use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-761=1

Package List

- openSUSE Leap 16.0:

cross-aarch64-glibc-devel-2.40-160000.5.1

cross-ppc64le-glibc-devel-2.40-160000.5.1

cross-riscv64-glibc-devel-2.40-160000.5.1

cross-s390x-glibc-devel-2.40-160000.5.1

glibc-2.40-160000.5.1

glibc-devel-2.40-160000.5.1

glibc-devel-static-2.40-160000.5.1

glibc-extra-2.40-160000.5.1

glibc-gconv-modules-extra-2.40-160000.5.1

glibc-html-2.40-160000.5.1

glibc-i18ndata-2.40-160000.5.1

glibc-info-2.40-160000.5.1

glibc-lang-2.40-160000.5.1

glibc-locale-2.40-160000.5.1

glibc-locale-base-2.40-160000.5.1

glibc-profile-2.40-160000.5.1

glibc-utils-2.40-160000.5.1
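
To confirm that every installed glibc package reached the fixed build listed above, the following check can be run after patching. It is an added example, not part of the advisory; the function names and the sample inventory are constructed, and `sort -V` is used as an approximation of RPM version ordering.

```shell
#!/bin/sh
# Added example: flag glibc packages older than the fixed build in this advisory.
FIXED="2.40-160000.5.1"   # version-release taken from the advisory's package list

# Return 0 when version-release $1 is >= $FIXED.
# Assumption: sort -V approximates RPM ordering, adequate for these numeric strings.
is_patched() {
    lowest=$(printf '%s\n%s\n' "$1" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$FIXED" ]
}

# Read "name version-release" lines on stdin and print packages still below
# the fixed build. Returns 1 if any glibc package is unpatched.
audit_glibc() {
    rc=0
    while read -r name evr; do
        case "$name" in
            glibc|glibc-*|cross-*-glibc-devel) ;;   # names from the package list
            *) continue ;;                          # ignore unrelated packages
        esac
        if ! is_patched "$evr"; then
            printf 'UNPATCHED %s %s (need >= %s)\n' "$name" "$evr" "$FIXED"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample inventory (not real host data): one fixed package,
# one older build, one unrelated package.
sample_inventory() {
    printf '%s\n' \
        'glibc 2.40-160000.5.1' \
        'glibc-locale 2.40-160000.4.1' \
        'examplepkg 1.0-1.1'
}

# Demo on the constructed data: sh check.sh --demo
# On a real host, feed the RPM database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_glibc
if [ "${1:-}" = "--demo" ]; then
    sample_inventory | audit_glibc
fi
```

Long-running processes keep the old library mapped until they are restarted, so a clean result here only covers what is installed on disk.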

References

* bsc#1261206

* bsc#1262464

* bsc#1262465

References:

* https://www.suse.com/security/cve/CVE-2026-4046.html

* https://www.suse.com/security/cve/CVE-2026-5450.html

* https://www.suse.com/security/cve/CVE-2026-5928.html

Severity
important

Announcement ID: openSUSE-SU-2026:20764-1
Rating: important
Affected Products: openSUSE Leap 16.0
