This update for glibc fixes the following issues:
Security fixes:
- CVE-2026-4437: incorrect DNS response parsing via crafted DNS server response (bsc#1260078).
- CVE-2026-4438: invalid DNS hostname returned via gethostbyaddr functions (bsc#1260082).
Other fixes:
- nss: Missing checks in __nss_configure_lookup, __nss_database_get (bsc#1258319).
Patch instructions:
To install this openSUSE security update, use the SUSE-recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 16.0:
zypper in -t patch openSUSE-Leap-16.0-516=1
- openSUSE Leap 16.0:
cross-aarch64-glibc-devel-2.40-160000.4.1
cross-ppc64le-glibc-devel-2.40-160000.4.1
cross-riscv64-glibc-devel-2.40-160000.4.1
cross-s390x-glibc-devel-2.40-160000.4.1
glibc-2.40-160000.4.1
glibc-devel-2.40-160000.4.1
glibc-devel-static-2.40-160000.4.1
glibc-extra-2.40-160000.4.1
glibc-gconv-modules-extra-2.40-160000.4.1
glibc-html-2.40-160000.4.1
glibc-i18ndata-2.40-160000.4.1
glibc-info-2.40-160000.4.1
glibc-lang-2.40-160000.4.1
glibc-locale-2.40-160000.4.1
glibc-locale-base-2.40-160000.4.1
glibc-profile-2.40-160000.4.1
glibc-utils-2.40-160000.4.1
* bsc#1258319
* bsc#1260078
* bsc#1260082
References:
* https://www.suse.com/security/cve/CVE-2026-4437.html
* https://www.suse.com/security/cve/CVE-2026-4438.html
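A post-update check, added here as an example and not part of the advisory: it reports any installed glibc package still below the fixed version-release 2.40-160000.4.1 from the package list. The function names and the --live switch are hypothetical, and GNU "sort -V" is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Added example, not SUSE's own tooling.
FIXED="2.40-160000.4.1"   # fixed version-release taken from the package list

# ver_lt A B: true when A sorts strictly before B.
# Assumption: `sort -V` ordering replaces rpm's comparison; the two agree for
# dotted numeric strings such as the ones this advisory uses.
ver_lt() {
    [ "$1" != "$2" ] &&
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# unpatched_glibc: reads "name version-release" lines on stdin and prints each
# glibc package that is still below FIXED. Returns 1 if any was found.
unpatched_glibc() {
    rc=0
    while read -r name vr; do
        case "$name" in
            glibc|glibc-*|cross-*-glibc-devel) ;;   # packages named in the advisory
            *) continue ;;                          # ignore everything else
        esac
        if ver_lt "$vr" "$FIXED"; then
            echo "$name $vr"
            rc=1
        fi
    done
    return "$rc"
}

# Live use on a Leap 16.0 host: sh check.sh --live
if [ "${1:-}" = "--live" ]; then
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'glibc*' 'cross-*-glibc-devel' |
        unpatched_glibc
fi
```

A non-zero exit status with package names on stdout means the patch has not been fully applied to that host.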