-------------------------------------------------------------------------
Debian LTS Advisory DLA-4621-1 [email protected]
https://www.debian.org/lts/security/ Arnaud Rebillout
June 08, 2026 https://wiki.debian.org/LTS
-------------------------------------------------------------------------
Package : glibc
Version : 2.31-13+deb11u14
CVE ID : CVE-2025-8058 CVE-2025-15281 CVE-2026-0861 CVE-2026-0915 CVE-2026-4046
Debian Bug : 1109803 1125678 1125748 1126266 1132499
Several vulnerabilities have been discovered in the GNU C Library, the C
standard library implementation used by Debian.
CVE-2025-8058
posix: Fix double-free after allocation failure in regcomp
The regcomp function in the GNU C Library versions 2.4 to 2.41 is
subject to a double free if a previous allocation fails. This can be
triggered either by a genuine malloc failure or by an interposed
malloc that injects random malloc failures. The double free can allow
buffer manipulation depending on how the regex is constructed. This
issue affects all architectures and ABIs supported by the GNU C
Library.
CVE-2025-15281
posix: Reset wordexp_t fields with WRDE_REUSE
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the
GNU C Library version 2.0 to version 2.42 may cause the interface to
return uninitialized memory in the we_wordv member, which on
subsequent calls to wordfree may abort the process.
CVE-2026-0861
memalign: reinstate alignment overflow check
Passing too large an alignment to the memalign suite of functions
(memalign, posix_memalign, aligned_alloc) in the GNU C Library versions
2.30 to 2.42 may result in an integer overflow, which could
consequently result in heap corruption. Note that the attacker must
have control over both the size and the alignment arguments of the
memalign function to be able to exploit this. The size parameter must
be close enough to PTRDIFF_MAX that it overflows size_t when combined
with the large alignment argument. This limits the malicious alignment
inputs for memalign to the range [(1<<62)+1, 1<<63] and to exactly
1<<63 for posix_memalign and aligned_alloc. Typically the alignment
argument passed to such functions is a known, constrained quantity
(e.g. page size, block size, struct sizes) and is not attacker
controlled, so this may not be easily exploitable in practice. An
application bug could potentially result in the input alignment being
too large, e.g. due to a separate buffer overflow or integer overflow
in the application or its dependent libraries, but that is again an
uncommon usage pattern given typical sources of alignments.
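The overflow condition described above, written out as an added example (not glibc's own code): a pre-check a wrapper can apply before calling the memalign family, assuming a 64-bit size_t and a 32-byte minimum chunk overhead; the alignment thresholds quoted in the text follow directly from it.

```c
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>

/* Assumed minimum chunk overhead for this illustration; glibc's real
   MINSIZE is platform dependent (32 bytes on 64-bit x86). */
#define ASSUMED_MINSIZE 32

/* memalign rounds a non-power-of-two alignment up to the next power of
   two (which is why anything above 1<<62 becomes 1<<63); posix_memalign
   and aligned_alloc reject such alignments instead. */
static size_t round_up_pow2(size_t a)
{
    size_t p = 16;
    while (p < a)
        p <<= 1;    /* cannot wrap: the caller bounds a to <= SIZE_MAX/2+1 */
    return p;
}

/* Returns 1 when size + alignment + overhead fits in size_t, 0 when it
   would wrap.  This mirrors the pre-check the advisory says was
   reinstated; it is written here for illustration, not taken from glibc. */
int memalign_args_ok(size_t alignment, size_t size)
{
    /* An alignment above SIZE_MAX/2 + 1 (1<<63 on 64-bit) can never be met. */
    if (alignment > SIZE_MAX / 2 + 1)
        return 0;
    if (alignment & (alignment - 1))
        alignment = round_up_pow2(alignment);
    if (alignment < ASSUMED_MINSIZE)
        alignment = ASSUMED_MINSIZE;
    /* The overflow check itself: reject sizes near PTRDIFF_MAX paired with
       huge alignments, the exact combination the advisory describes. */
    return size <= SIZE_MAX - alignment - ASSUMED_MINSIZE;
}

/* Defensive wrapper: only reach posix_memalign once the pair is sane. */
void *checked_memalign(size_t alignment, size_t size)
{
    void *p = NULL;
    if (!memalign_args_ok(alignment, size)) {
        errno = ENOMEM;
        return NULL;
    }
    if (alignment & (alignment - 1))
        alignment = round_up_pow2(alignment);   /* posix_memalign needs 2^n */
    if (alignment < sizeof(void *))
        alignment = sizeof(void *);             /* ...and a multiple of it */
    return posix_memalign(&p, alignment, size) == 0 ? p : NULL;
}
```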
CVE-2026-0915
resolv: Fix NSS DNS backend for getnetbyaddr
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf
that specifies the library's DNS backend for networks and queries for
a zero-valued network in the GNU C Library version 2.0 to version 2.42
can leak stack contents to the configured DNS resolver.
CVE-2026-4046
iconvdata: Use pending character state in IBM1390, IBM1399 character sets
The iconv() function in the GNU C Library versions 2.43 and earlier
may crash due to an assertion failure when converting inputs from the
IBM1390 or IBM1399 character sets, which may be used to remotely crash
an application. This vulnerability can be trivially mitigated by
removing the IBM1390 and IBM1399 character sets from systems that do
not need them.
For Debian 11 bullseye, these problems have been fixed in version
2.31-13+deb11u14.
We recommend that you upgrade your glibc packages.
For the detailed security status of glibc please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/glibc
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS