Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:11066

Опубликовано: 03 окт. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • glibc: Vector register overwrite bug in glibc (CVE-2025-5702)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 10

НаименованиеАрхитектураРелизRPM
glibcx86_6443.el10_0glibc-2.39-43.el10_0.x86_64.rpm
glibc-all-langpacksx86_6443.el10_0glibc-all-langpacks-2.39-43.el10_0.x86_64.rpm
glibc-commonx86_6443.el10_0glibc-common-2.39-43.el10_0.x86_64.rpm
glibc-gconv-extrax86_6443.el10_0glibc-gconv-extra-2.39-43.el10_0.x86_64.rpm
glibc-langpack-aax86_6443.el10_0glibc-langpack-aa-2.39-43.el10_0.x86_64.rpm
glibc-langpack-afx86_6443.el10_0glibc-langpack-af-2.39-43.el10_0.x86_64.rpm
glibc-langpack-agrx86_6443.el10_0glibc-langpack-agr-2.39-43.el10_0.x86_64.rpm
glibc-langpack-akx86_6443.el10_0glibc-langpack-ak-2.39-43.el10_0.x86_64.rpm
glibc-langpack-amx86_6443.el10_0glibc-langpack-am-2.39-43.el10_0.x86_64.rpm
glibc-langpack-anx86_6443.el10_0glibc-langpack-an-2.39-43.el10_0.x86_64.rpm

Показывать по

Связанные CVE

CVE-2025-5702

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2025-5702

CVSS3: 5.6
ubuntu
5 месяцев назад

The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

redhat логотип

CVE-2025-5702

CVSS3: 5.6
redhat
5 месяцев назад

The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

nvd логотип

CVE-2025-5702

CVSS3: 5.6
nvd
5 месяцев назад

The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.

debian логотип

CVE-2025-5702

CVSS3: 5.6
debian
5 месяцев назад

The strcmp implementation optimized for the Power10 processor in the G ...

github логотип

GHSA-hqwp-qwfv-mhrx

CVSS3: 5.6
github
5 месяцев назад

The strcmp implementation optimized for the Power10 processor in the GNU C Library version 2.39 and later writes to vector registers v20 to v31 without saving contents from the caller (those registers are defined as non-volatile registers by the powerpc64le ABI), resulting in overwriting of its contents and potentially altering control flow of the caller, or leaking the input strings to the function to other parts of the program.