Alerts This Week
Warning Icon 1 1,111
Alerts This Week
Warning Icon 1 1,111

Slackware 15.0: 2025-140-01: glibc critical: local library exploit

slackware
Calendar Grey May 20, 2025
Dist Slackware Esm H88
Updated glibc packages have been released for Slackware 15.0 to address a vulnerability associated with dynamic library loading.
New glibc packages are available for Slackware 15.0 to fix a security issue

Summary

Here are the details from the Slackware 15.0 ChangeLog: patches/packages/aaa_glibc-solibs-2.33-i586-8_slack15.0.txz: Rebuilt. patches/packages/glibc-2.33-i586-8_slack15.0.txz: Rebuilt. This update fixes a security issue: elf: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH. A statically linked setuid binary that calls dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo) may incorrectly search LD_LIBRARY_PATH to determine which library to load, leading to the execution of library code that is attacker controlled. The only viable vector for exploitation of this bug is local, if a static setuid program exists, and that program calls dlopen, then it may search LD_LIBRARY_PATH to locate the SONAME to load. No such program has been discovered at the time of publishing this advisory, but the presence of custom setuid programs, although strongly discouraged as a security practice, cannot be

Read the Full Advisory

Where Find New Packages

Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://www.slackware.com/ for additional mirror sites near you.
Updated packages for Slackware 15.0: ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/aaa_glibc-solibs-2.33-i586-8_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-2.33-i586-8_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-i18n-2.33-i586-8_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware-15.0/patches/packages/glibc-profile-2.33-i586-8_slack15.0.txz
Updated packages for Slackware x86_64 15.0: ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/aaa_glibc-solibs-2.33-x86_64-8_slack15.0.txz ftp://ftp.slackware.com/pub/slackware/slackware64-15.0/patches/packages/glibc-2.33-x86_64-8_slack15.0.txz ftp://ftp.slackware...

Read the Full Advisory

MD5 Signatures

Slackware 15.0 packages: 0d6fe8fe463ebaf50ad2f335635d801d aaa_glibc-solibs-2.33-i586-8_slack15.0.txz 4f5f063a67b275a8eab96ace5cadbc7d glibc-2.33-i586-8_slack15.0.txz 59316f8f6f5ecb043da509b615af8061 glibc-i18n-2.33-i586-8_slack15.0.txz 1afddcd24eee4f113e7562c530b73ec1 glibc-profile-2.33-i586-8_slack15.0.txz
Slackware x86_64 15.0 packages: f0c598d8e66dd091365799e0ed018297 aaa_glibc-solibs-2.33-x86_64-8_slack15.0.txz 2e1bf009814661164c9553c15a9ea5f2 glibc-2.33-x86_64-8_slack15.0.txz c71a388da759ac908b619c9ef773c8bf glibc-i18n-2.33-x86_64-8_slack15.0.txz 2b356a71d4e6766e9d4bee16c9ed7ac4 glibc-profile-2.33-x86_64-8_slack15.0.txz

Severity
critical
Lowest
Low
Medium
High
Critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Installation Instructions

Installation instructions: Upgrade the packages as root: # upgradepkg *glibc-*.txz

Your message here