Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

openSUSE Leap 16.0 glibc Important issues CVE-2026-4437 CVE-2026-4438

opensuse
Calendar Grey April 21, 2026
Dist Opensuse Esm H88
Update available for openSUSE fixing critical issues in glibc related to DNS response parsing and hostname retrieval.
An update that solves 2 vulnerabilities and has 3 bug fixes can now be installed.

Description

This update for glibc fixes the following issues:

Security fixes:

- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).

- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).

Other fixes:

- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).

Patch instructions:

To install this openSUSE security update use the suse recommended installation methods

like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 16.0

zypper in -t patch openSUSE-Leap-16.0-516=1

Patch

Package List

- openSUSE Leap 16.0:

cross-aarch64-glibc-devel-2.40-160000.4.1

cross-ppc64le-glibc-devel-2.40-160000.4.1

cross-riscv64-glibc-devel-2.40-160000.4.1

cross-s390x-glibc-devel-2.40-160000.4.1

glibc-2.40-160000.4.1

glibc-devel-2.40-160000.4.1

glibc-devel-static-2.40-160000.4.1

glibc-extra-2.40-160000.4.1

glibc-gconv-modules-extra-2.40-160000.4.1

glibc-html-2.40-160000.4.1

glibc-i18ndata-2.40-160000.4.1

glibc-info-2.40-160000.4.1

glibc-lang-2.40-160000.4.1

glibc-locale-2.40-160000.4.1

glibc-locale-base-2.40-160000.4.1

glibc-profile-2.40-160000.4.1

glibc-utils-2.40-160000.4.1

References

* bsc#1258319

* bsc#1260078

* bsc#1260082

References:

* https://www.suse.com/security/cve/CVE-2026-4437.html

* https://www.suse.com/security/cve/CVE-2026-4438.html

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: openSUSE-SU-2026:20501-1
Rating: important
Affected Products: openSUSE Leap 16.0 -------------------------------------------------------------

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here