This update for glibc fixes the following issues
- CVE-2026-5435: unchecked buffer writing in TSIG handling can lead to an out-of-bounds write (bsc#1263656).
- CVE-2026-6238: insufficient RDATA length validation can lead to application crashes or uninitialized memory disclosure
(bsc#1263658).
Patch instructions:
To install this openSUSE security update use the suse recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0
zypper in -t patch openSUSE-Leap-16.0-1157=1
- openSUSE Leap 16.0:
cross-aarch64-glibc-devel-2.40-160000.6.1
cross-ppc64le-glibc-devel-2.40-160000.6.1
cross-riscv64-glibc-devel-2.40-160000.6.1
cross-s390x-glibc-devel-2.40-160000.6.1
glibc-2.40-160000.6.1
glibc-devel-2.40-160000.6.1
glibc-devel-static-2.40-160000.6.1
glibc-extra-2.40-160000.6.1
glibc-gconv-modules-extra-2.40-160000.6.1
glibc-html-2.40-160000.6.1
glibc-i18ndata-2.40-160000.6.1
glibc-info-2.40-160000.6.1
glibc-lang-2.40-160000.6.1
glibc-locale-2.40-160000.6.1
glibc-locale-base-2.40-160000.6.1
glibc-profile-2.40-160000.6.1
glibc-utils-2.40-160000.6.1
* bsc#1263656
* bsc#1263658
References:
* https://www.suse.com/security/cve/CVE-2026-5435.html
* https://www.suse.com/security/cve/CVE-2026-6238.html
Get the latest Linux and open source security news straight to your inbox.