Stay Vigilant with Timely Linux Security Advisories

Loading...

security advisorypatchglibc

SUSE: 2025:0562-1 low: fix for glibc underallocation issue found

* bsc#1236282 Cross-References: * CVE-2025-0395 . # Security update for glibc Announcement ID: SUSE-SU-2025:0562-1 Release Date: 2025-02-17T11:45:11Z Rating: low References: * bsc#1236282 Cross-References: * CVE-2025-0395 CVSS scores: * CVE-2025-0395 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N * CVE-2025-0395 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N * CVE-2025-0395 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 * SUSE Linux Enterprise Micro 5.1 * SUSE Linux Enterprise Micro 5.2 * SUSE Linux Enterprise Micro 5.3 * SUSE Linux Enterprise Micro 5.4 * SUSE Linux Enterprise Micro 5.5 * SUSE Linux Enterprise Micro for Rancher 5.2 * SUSE Linux Enterprise Micro for Rancher 5.3 * SUSE Linux Enterprise Micro for Rancher 5.4 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP4 LTSS * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server 15 SP5 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability can now be installed. ##Description: This update for glibc fixes the following issues: * CVE-2025-0395: Fix underallocation of abort_msg_s struct (bsc#1236282) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2025-562=1 * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-562=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2025-562=1 * SUSE Linux Enterprise Micro for Rancher 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-562=1 * SUSE Linux Enterprise Micro 5.4 zypper in -t patch SUSE-SLE-Micro-5.4-2025-562=1 * SUSE Linux Enterprise Micro 5.5 zypper in -t patch SUSE-SLE-Micro-5.5-2025-562=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2025-562=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-ESPOS-2025-562=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 zypper in -t patch SUSE-SLE-Product-HPC-15-SP4-LTSS-2025-562=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-562=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-562=1 * SUSE Linux Enterprise Server 15 SP3 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2025-562=1 * SUSE Linux Enterprise Server 15 SP4 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP4-LTSS-2025-562=1 * SUSE Linux Enterprise Server 15 SP5 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-562=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patchSUSE-SLE-Product-SLES_SAP-15-SP3-2025-562=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP4-2025-562=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2025-562=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2025-562=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2025-562=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2025-562=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2025-562=1 * SUSE Linux Enterprise Micro 5.1 zypper in -t patch SUSE-SUSE-MicroOS-5.1-2025-562=1 * SUSE Linux Enterprise Micro 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-562=1 * SUSE Linux Enterprise Micro for Rancher 5.2 zypper in -t patch SUSE-SUSE-MicroOS-5.2-2025-562=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586 i686) * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * glibc-extra-2.31-150300.92.1 * nscd-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * openSUSE Leap 15.3 (noarch) * glibc-info-2.31-150300.92.1 * glibc-html-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * openSUSE Leap 15.3(x86_64) * glibc-profile-32bit-2.31-150300.92.1 * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-static-32bit-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-utils-32bit-2.31-150300.92.1 * glibc-utils-32bit-debuginfo-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * openSUSE Leap 15.3 (aarch64_ilp32) * glibc-utils-64bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-64bit-debuginfo-2.31-150300.92.1 * glibc-devel-64bit-debuginfo-2.31-150300.92.1 * glibc-devel-static-64bit-2.31-150300.92.1 * glibc-utils-64bit-2.31-150300.92.1 * glibc-64bit-debuginfo-2.31-150300.92.1 * glibc-64bit-2.31-150300.92.1 * glibc-devel-64bit-2.31-150300.92.1 * glibc-locale-base-64bit-2.31-150300.92.1 * glibc-profile-64bit-2.31-150300.92.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Micro for Rancher 5.4 (aarch64 s390x x86_64) * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 *glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Micro 5.4 (aarch64 s390x x86_64) * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Micro 5.5 (aarch64 ppc64le s390x x86_64) * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 *glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (aarch64 x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP4 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (aarch64 x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 *glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP4 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (aarch64 ppc64le s390x x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (noarch) *glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP3 LTSS (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (aarch64 ppc64le s390x x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP4 LTSS (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise Server 15 SP5 LTSS (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 *glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (ppc64le x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Manager Proxy 4.3 (x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Manager Proxy 4.3 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Manager Retail Branch Server 4.3 (x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 *glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Manager Server 4.3 (ppc64le s390x x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Manager Server 4.3 (noarch) * glibc-info-2.31-150300.92.1 * glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Manager Server 4.3 (x86_64) * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-32bit-debuginfo-2.31-150300.92.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * glibc-extra-2.31-150300.92.1 * glibc-devel-debuginfo-2.31-150300.92.1 * glibc-devel-2.31-150300.92.1 * nscd-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * nscd-debuginfo-2.31-150300.92.1 * glibc-extra-debuginfo-2.31-150300.92.1 * glibc-utils-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-utils-src-debugsource-2.31-150300.92.1 * glibc-profile-2.31-150300.92.1 * glibc-utils-debuginfo-2.31-150300.92.1 * glibc-devel-static-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Enterprise Storage 7.1 (noarch) * glibc-info-2.31-150300.92.1 *glibc-lang-2.31-150300.92.1 * glibc-i18ndata-2.31-150300.92.1 * SUSE Enterprise Storage 7.1 (x86_64) * glibc-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-debuginfo-2.31-150300.92.1 * glibc-locale-base-32bit-2.31-150300.92.1 * glibc-32bit-2.31-150300.92.1 * glibc-locale-base-32bit-debuginfo-2.31-150300.92.1 * glibc-devel-32bit-2.31-150300.92.1 * SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64) * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64) * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 * SUSE Linux Enterprise Micro for Rancher 5.2 (aarch64 s390x x86_64) * glibc-devel-2.31-150300.92.1 * glibc-locale-base-2.31-150300.92.1 * glibc-debuginfo-2.31-150300.92.1 * glibc-locale-base-debuginfo-2.31-150300.92.1 * glibc-locale-2.31-150300.92.1 * glibc-debugsource-2.31-150300.92.1 * glibc-2.31-150300.92.1 ## References: * https://www.suse.com/security/cve/CVE-2025-0395.html * https://bugzilla.suse.com/show_bug.cgi?id=1236282 . Critical patch for glibc addressing CVE-2025-0395 vulnerability issued. Update now to safeguard your infrastructure.. glibc Update,SUSE Security Advisory,OpenSUSE Security Fix. . Severity: Low. LinuxSecurity.com Team

Feb 17, 2025 •Low SuSE

security advisorymoderate severityglibc issue

SUSE: 2023:905-1 Moderate: Glibc Buffer Overflow Security Update

The container bci/dotnet-runtime was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/dotnet-runtime ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2023:905-1 Container Tags : bci/dotnet-runtime:7.0 , bci/dotnet-runtime:7.0-10.14 , bci/dotnet-runtime:7.0.4 , bci/dotnet-runtime:7.0.4-10.14 , bci/dotnet-runtime:latest Container Release : 10.14 Severity : moderate Type : security References : 1207571 1207957 1207975 1208358 CVE-2023-0687 ----------------------------------------------------------------- The container bci/dotnet-runtime was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2023:1718-1 Released: Fri Mar 31 15:47:34 2023 Summary: Security update for glibc Type: security Severity: moderate References: 1207571,1207957,1207975,1208358,CVE-2023-0687 This update for glibc fixes the following issues: Security issue fixed: - CVE-2023-0687: Fix allocated buffer overflow in gmon (bsc#1207975) Other issues fixed: - Fix avx2 strncmp offset compare condition check (bsc#1208358) - elf: Allow dlopen of filter object to work (bsc#1207571) - powerpc: Fix unrecognized instruction errors with recent GCC - x86: Cache computation for AMD architecture (bsc#1207957) The following package changes have been done: - glibc-2.31-150300.46.1 updated - container:sles15-image-15.0.0-27.14.47 updated . SUSE Container Security Notification: bci/python-runtime tackles moderate vulnerabilities involving glibc concerns across multiple tags.. Container, Security Update, BCI/Dotnet-Runtime. . LinuxSecurity.com Team

Apr 02, 2023 SuSE

security advisoryhigh severityglibc issue

Arch Linux: ASA-201502-8 High: Glibc Exploitable Exploits

The package glibc before version 2.21-1 has multiple issues that could be exploitable. . Arch Linux Security Advisory ASA-201502-8 ======================================== Severity: High Date : 2015-02-09 CVE-ID : CVE-2015-1472 CVE-2015-1473 Package : glibc Type : multiple issues Remote : possible (still under investigation) Link : https://wiki.archlinux.org/title/CVE Summary ====== The package glibc before version 2.21-1 has multiple issues that could be exploitable. Resolution ========= Upgrade to 2.21-1 # pacman -Syu "glibc> =2.21-1" The problems have been fixed upstream in version 2.21. Workaround ========= None. Description ========== glibc has multiple issues including heap- and stack overflows that could be exploitable. The heap- and stack-overflow is possible in the swscanf function. Impact ===== The issue is still under investigation. It's not clear if the issue is exploitable. In case of 'yes' this could result in various exploits in every software that uses glibc. This includes remote-code-execution or local exploits for gaining root access. References ========= https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2015-1472 https://sourceware.org/bugzilla/show_bug.cgi?id=CVE-2015-1473 https://sourceware.org/legacy-ml/libc-alpha/2015-02/msg00119.html . Debian highlights significant vulnerabilities in OpenSSL that could lead to serious breaches; users strongly encouraged to update to version 1.1.1k immediately.. Arch Linux Exploit, Glibc Security, Remote Code Access, Package Upgrade. . LinuxSecurity.com Team

Feb 09, 2015 ArchLinux

security advisorybuffer overflowRed Hat Enterprise Linux

Red Hat Enterprise Linux 5: RHSA-2015:0090-01 Critical: glibc Overflow

Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ==================================================================== Red Hat Security Advisory Synopsis: Critical: glibc security update Advisory ID: RHSA-2015:0090-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2015:0090.html Issue date: 2015-01-27 CVE Names: CVE-2015-0235 ==================================================================== 1. Summary: Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having Critical security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux (v. 5 server) - i386, ia64, ppc, s390x, x86_64 Red Hat Enterprise Linux Desktop (v. 5 client) - i386, x86_64 3. Description: The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. A heap-based buffer overflow was found in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application. (CVE-2015-0235) Red Hat would like to thank Qualys for reporting this issue. All glibc users are advised to upgrade tothese updated packages, which contain a backported patch to correct this issue. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1183461 - CVE-2015-0235 glibc: __nss_hostname_digits_dots() heap-based buffer overflow 6. Package List: Red Hat Enterprise Linux Desktop (v. 5 client): Source: glibc-2.5-123.el5_11.1.src.rpm i386: glibc-2.5-123.el5_11.1.i386.rpm glibc-2.5-123.el5_11.1.i686.rpm glibc-common-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-headers-2.5-123.el5_11.1.i386.rpm glibc-utils-2.5-123.el5_11.1.i386.rpm nscd-2.5-123.el5_11.1.i386.rpm x86_64: glibc-2.5-123.el5_11.1.i686.rpm glibc-2.5-123.el5_11.1.x86_64.rpm glibc-common-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.x86_64.rpm glibc-headers-2.5-123.el5_11.1.x86_64.rpm glibc-utils-2.5-123.el5_11.1.x86_64.rpm nscd-2.5-123.el5_11.1.x86_64.rpm Red Hat Enterprise Linux (v. 5server): Source: glibc-2.5-123.el5_11.1.src.rpm i386: glibc-2.5-123.el5_11.1.i386.rpm glibc-2.5-123.el5_11.1.i686.rpm glibc-common-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-headers-2.5-123.el5_11.1.i386.rpm glibc-utils-2.5-123.el5_11.1.i386.rpm nscd-2.5-123.el5_11.1.i386.rpm ia64: glibc-2.5-123.el5_11.1.i686.rpm glibc-2.5-123.el5_11.1.ia64.rpm glibc-common-2.5-123.el5_11.1.ia64.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-2.5-123.el5_11.1.ia64.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.ia64.rpm glibc-headers-2.5-123.el5_11.1.ia64.rpm glibc-utils-2.5-123.el5_11.1.ia64.rpm nscd-2.5-123.el5_11.1.ia64.rpm ppc: glibc-2.5-123.el5_11.1.ppc.rpm glibc-2.5-123.el5_11.1.ppc64.rpm glibc-common-2.5-123.el5_11.1.ppc.rpm glibc-debuginfo-2.5-123.el5_11.1.ppc.rpm glibc-debuginfo-2.5-123.el5_11.1.ppc64.rpm glibc-devel-2.5-123.el5_11.1.ppc.rpm glibc-devel-2.5-123.el5_11.1.ppc64.rpm glibc-headers-2.5-123.el5_11.1.ppc.rpm glibc-utils-2.5-123.el5_11.1.ppc.rpm nscd-2.5-123.el5_11.1.ppc.rpm s390x: glibc-2.5-123.el5_11.1.s390.rpm glibc-2.5-123.el5_11.1.s390x.rpm glibc-common-2.5-123.el5_11.1.s390x.rpm glibc-debuginfo-2.5-123.el5_11.1.s390.rpm glibc-debuginfo-2.5-123.el5_11.1.s390x.rpm glibc-devel-2.5-123.el5_11.1.s390.rpm glibc-devel-2.5-123.el5_11.1.s390x.rpm glibc-headers-2.5-123.el5_11.1.s390x.rpm glibc-utils-2.5-123.el5_11.1.s390x.rpm nscd-2.5-123.el5_11.1.s390x.rpm x86_64: glibc-2.5-123.el5_11.1.i686.rpm glibc-2.5-123.el5_11.1.x86_64.rpm glibc-common-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-2.5-123.el5_11.1.i386.rpm glibc-debuginfo-2.5-123.el5_11.1.i686.rpm glibc-debuginfo-2.5-123.el5_11.1.x86_64.rpm glibc-debuginfo-common-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.i386.rpm glibc-devel-2.5-123.el5_11.1.x86_64.rpm glibc-headers-2.5-123.el5_11.1.x86_64.rpm glibc-utils-2.5-123.el5_11.1.x86_64.rpm nscd-2.5-123.el5_11.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key 7. References: https://access.redhat.com/security/cve/CVE-2015-0235 https://access.redhat.com/security/updates/classification#critical 8. Contact: The Red Hat security contact is . More contact details at https://access.redhat.com/security/team/contact Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFUx8U6XlSAg2UNWIIRAoItAJ0aDoP9DLGMw9Uv9JZ/s3p8R30o8ACgg2Gf fnI6Bar16s9i0KKlJ6gkJs4=WEdr -----END PGP SIGNATURE----- -- Enterprise-watch-list mailing list This email address is being protected from spambots. You need JavaScript enabled to view it. . Urgent security patch for glibc in Red Hat Enterprise Linux 5 resolves severe buffer overflow vulnerability.. glibc update, Red Hat patching, enterprise security updates, Linux patches. . Severity: Critical. LinuxSecurity.com Team

Jan 27, 2015 •Critical Red Hat

security advisorycode executiondirectory traversal

openSUSE 13.1 Important: glibc Update Fixes Three Issues

An update that fixes three vulnerabilities is now available.. openSUSE Security Update: glibc ______________________________________________________________________________ Announcement ID: openSUSE-SU-2014:1115-1 Rating: important References: #887022 #892073 #894553 Cross-References: CVE-2014-0475 CVE-2014-5119 CVE-2014-6040 Affected Products: openSUSE 13.1 openSUSE 12.3 ______________________________________________________________________________ An update that fixes three vulnerabilities is now available. Description: glibc was updated to fix three security issues: - A directory traversal in locale environment handling was fixed (CVE-2014-0475, bnc#887022, GLIBC BZ #17137) - Disable gconv transliteration module loading which could be used for code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187) - Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040, bnc#894553, BZ #17325) Patch Instructions: To install this openSUSE Security Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.1: zypper in -t patch openSUSE-2014-536 - openSUSE 12.3: zypper in -t patch openSUSE-2014-536 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.1 (i586 i686 x86_64): glibc-2.18-4.21.1 glibc-debuginfo-2.18-4.21.1 glibc-debugsource-2.18-4.21.1 glibc-devel-2.18-4.21.1 glibc-devel-debuginfo-2.18-4.21.1 glibc-devel-static-2.18-4.21.1 glibc-extra-2.18-4.21.1 glibc-extra-debuginfo-2.18-4.21.1 glibc-locale-2.18-4.21.1 glibc-locale-debuginfo-2.18-4.21.1 glibc-profile-2.18-4.21.1 nscd-2.18-4.21.1 nscd-debuginfo-2.18-4.21.1 - openSUSE 13.1 (i586 x86_64): glibc-utils-2.18-4.21.1 glibc-utils-debuginfo-2.18-4.21.1 glibc-utils-debugsource-2.18-4.21.1 - openSUSE 13.1 (i586i686): glibc-obsolete-2.18-4.21.1 glibc-obsolete-debuginfo-2.18-4.21.1 - openSUSE 13.1 (x86_64): glibc-32bit-2.18-4.21.1 glibc-debuginfo-32bit-2.18-4.21.1 glibc-devel-32bit-2.18-4.21.1 glibc-devel-debuginfo-32bit-2.18-4.21.1 glibc-devel-static-32bit-2.18-4.21.1 glibc-locale-32bit-2.18-4.21.1 glibc-locale-debuginfo-32bit-2.18-4.21.1 glibc-profile-32bit-2.18-4.21.1 glibc-utils-32bit-2.18-4.21.1 glibc-utils-debuginfo-32bit-2.18-4.21.1 - openSUSE 13.1 (noarch): glibc-html-2.18-4.21.1 glibc-i18ndata-2.18-4.21.1 glibc-info-2.18-4.21.1 - openSUSE 12.3 (i586 i686 x86_64): glibc-2.17-4.13.1 glibc-debuginfo-2.17-4.13.1 glibc-debugsource-2.17-4.13.1 glibc-devel-2.17-4.13.1 glibc-devel-debuginfo-2.17-4.13.1 glibc-devel-static-2.17-4.13.1 glibc-extra-2.17-4.13.1 glibc-extra-debuginfo-2.17-4.13.1 glibc-locale-2.17-4.13.1 glibc-locale-debuginfo-2.17-4.13.1 glibc-profile-2.17-4.13.1 nscd-2.17-4.13.1 nscd-debuginfo-2.17-4.13.1 - openSUSE 12.3 (i586 x86_64): glibc-utils-2.17-4.13.1 glibc-utils-debuginfo-2.17-4.13.1 glibc-utils-debugsource-2.17-4.13.1 - openSUSE 12.3 (i586 i686): glibc-obsolete-2.17-4.13.1 glibc-obsolete-debuginfo-2.17-4.13.1 - openSUSE 12.3 (x86_64): glibc-32bit-2.17-4.13.1 glibc-debuginfo-32bit-2.17-4.13.1 glibc-devel-32bit-2.17-4.13.1 glibc-devel-debuginfo-32bit-2.17-4.13.1 glibc-devel-static-32bit-2.17-4.13.1 glibc-locale-32bit-2.17-4.13.1 glibc-locale-debuginfo-32bit-2.17-4.13.1 glibc-profile-32bit-2.17-4.13.1 glibc-utils-32bit-2.17-4.13.1 glibc-utils-debuginfo-32bit-2.17-4.13.1 - openSUSE 12.3 (noarch): glibc-html-2.17-4.13.1 glibc-i18ndata-2.17-4.13.1 glibc-info-2.17-4.13.1 References: https://www.suse.com/security/cve/CVE-2014-0475.html https://www.suse.com/security/cve/CVE-2014-5119.html https://www.suse.com/security/cve/CVE-2014-6040.html -- . Important notice for openSUSE concerning three significant glibc security flaws, along with detailed patch application guidelines.. openSUSE Security Updates, glibc Patches, important vulnerabilities. . Severity: Important. LinuxSecurity.com Team

Sep 11, 2014 •Important OpenSUSE

security advisoryDebianlocal exploit

Debian: Critical Advisory - glibc Local Exploit Severity: Critical

Recently two problems have been found in the glibc suite, which could beused to trick setuid applications to run arbitrary code. . -----BEGIN PGP SIGNED MESSAGE------ ------------------------------------------------------------------------Debian Security Advisory This email address is being protected from spambots. You need JavaScript enabled to view it. Debian -- Security Information Wichert Akkerman September 2, 2000 - ------------------------------------------------------------------------ Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. The first problem is the way ld.so handles environment variables: in order to provide a safe environment for setuid applications it removes certain the environment variables that can influence application execution such as LD_PRELOAD and LD_LIBRARY_PATH. Unfortunately there was a bug that could cause ld.so to not remove them under some conditions. This would affect setuid applications if they execute another binary without dropping privileges or cleaning up the environment themselves. The second problem is the locale handling in glibc. glibc checks for characters like `/' in the LANG and LC_* environment variables to see if someone is trying to trick a program into reading arbitrary files. Unfortunately there were some logic errors in those checks which could be used to make a setuid application use arbitrary files for localization settings, which can be exploited to trick it into executing arbitrary code. These problems have been fixed in version 2.1.3-13, and we recommend that you upgrade your glibc package immediately. wget url will fetch the file for you dpkg -i file.deb will install the referenced file. You may use an automated update by adding the resources from the footer to the proper configuration. Debian GNU/Linux 2.1 alias slink - ------------------------------------ No update is available for slink; we will release an advisory with more information about this release later. Debian GNU/Linux 2.2 alias potato - ------------------------------------ Potato was released for the alpha, arm, i386, m68k, powerpc and sparc architectures. At this moment packages for m68k are not yet available. As soon as they are ready we will put them online and list them on the security pages at Debian -- Security Information Source archives: MD5 checksum: 70fcaf79c3c1e84c6bb18c579784b062 MD5 checksum: fd82c79e94f4adfacad7ac7e10a82850 MD5 checksum: aea1bb5c28f793013153d1b8f91eb746 Architecture indendent archives: MD5 checksum: 715d058a21da37459873fa9810f8ac80 MD5 checksum: 6c90c6b465428d76ed7292258f11b5b6 Alpha architecture: MD5 checksum: 9b3766a8c636e0475eb1123227d6efd5 MD5 checksum: cee532947e5169b21309ac8a2175e28c MD5 checksum: 34bdaa22187f7fb28bde26980f288663 MD5 checksum: 9caab3a0d2965defc917a3f7d639cb67 MD5 checksum: bd80fa7df7b35298b03fa86ed4eddb58 MD5 checksum: ffa9525ee030d7d1314db3b052e5df1f MD5 checksum: a2b2b33cf960cf826edc3aa5387e7d27 MD5 checksum: ed04bda8579a4ec939e8ee09942f7b1f ARM architecture: MD5 checksum: da2b951b1ffe58526e5c9a032ef5f73c MD5 checksum: 771857d6aab61fc88da0c8e740421690 MD5 checksum: 63d85ff2300b43fd1dc5617b09bbd213 MD5 checksum: 8584f4af0aa50edf32a447efd0a31c65 MD5 checksum: 15364347a059937f66c73fcf08d1dd46 MD5 checksum: 4d0d0f3138e6f7634079deebc010a239 MD5 checksum: da07801bb41e66e753999b1b2d932084 Intel ia32 architecture: MD5 checksum: 5f807f96733f5e20f5b96c41db83b213 MD5 checksum: 706320b902f75df49648807260cfbedc MD5 checksum: 640caa2b950660108554aa775222c753 MD5 checksum: d63917ecf3baffefef63f3192d92c0d3 MD5 checksum: 4fa5f5586c96ac8e77519324326268af MD5 checksum: 5a0ba8bfdd1909f1b999b672761c23ad MD5 checksum: ba677879a912e15d72abac4026c0385f MD5 checksum: ae98fbe3e00aa8be3700622e7d84ff2b PowerPC architecture: MD5 checksum: 555aad39f66aacd796a770a0a03016be MD5 checksum: 4fbd5aefb34c2081dc1e7f0e02ff5ae7 MD5 checksum: 7056a4bade2e2826a440c5308217b6f2 MD5 checksum: ec364dba9a60cd0a030549a1b9a17389 MD5 checksum: cfc05198b7db0184543170d98c43d415 MD5 checksum: 572422ea41d70bec2e4fb2c979f539b8 MD5 checksum: e4875824d6e56fb71bec517368643e07 Sun Sparc architecture: MD5 checksum: a6ce8fc46495d37666fc3ffa41c928ec MD5 checksum: 0450318920b99f6f9f2f11b7c1c6ffe2 MD5 checksum: 8c47c80ded91aba75127da261821a92a MD5 checksum: f48e298dbf9bda280dd3deb0f32b1796 MD5 checksum: 27df020bfceab1c066477cc9150d22c2 MD5 checksum: 9358612ba28d43d1a101715eeafce758 MD5 checksum: f86593fd83626b59d0675323dbdc698f For not yet released architectures please refer to the appropriate directory . - -- - ----------------------------------------------------------------------------For apt-get: deb Debian -- Security Information stable/updates main dpkg - dists/stable/updates/main Mailing list: This email address is being protected from spambots. You need JavaScript enabled to view it. -----BEGIN PGP SIGNATURE-----Version: 2.6.3ia Charset: noconv iQB1AwUBObEoLKjZR/ntlUftAQHf0gL+PFcffgnczWkFzcl6eXP8I3I7GBMdLUrq 0EfUi9c6Y0VGbGNIocDuh87Md8aYHBXusNIymrvI25qdwizrcZwdooTQka7SelRe 8A6uT+f2WgxTrMKnmVUyrYiYcyDlKRkJ =fAUV -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE------ ----------------------------------------------------------------. recently, problems, found, glibc, suite, which, beused, trick, setuid, applica. . Severity: Critical.LinuxSecurity.com Team

Sep 02, 2000 •Critical Debian

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Explore Latest Linux Security advisories

SUSE: 2025:0562-1 low: fix for glibc underallocation issue found

SUSE: 2023:905-1 Moderate: Glibc Buffer Overflow Security Update

Arch Linux: ASA-201502-8 High: Glibc Exploitable Exploits

Red Hat Enterprise Linux 5: RHSA-2015:0090-01 Critical: glibc Overflow

openSUSE 13.1 Important: glibc Update Fixes Three Issues

Debian: Critical Advisory - glibc Local Exploit Severity: Critical

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Ubuntu 25.10 kmod Critical Algif_aead Privilege Escalation USN-8226-1

Ubuntu 26.04 LTS nginx Critical Denial of Service 2026-42945

Ubuntu 26.04 Docker Critical Security Threats USN-8230-1 CVE-2026-33747

Debian OpenSSH Critical DSA-6204-1 CVE-2026-3497 Remote DoS Execution

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Stay Secure with the Latest Linux Advisories

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Refine advisories

severity

Topics

Distro

Published Date

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Explore Latest Linux Security advisories

Get the latest News and Insights

Community Poll

What got you started with Linux?

Trending News

Search Topics

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!