Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2025:8686

Опубликовано: 29 июл. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: glibc security update

The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix(es):

  • glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
glibcx86_64251.el8_10.22glibc-2.28-251.el8_10.22.x86_64.rpm
glibc-all-langpacksx86_64251.el8_10.22glibc-all-langpacks-2.28-251.el8_10.22.x86_64.rpm
glibc-commonx86_64251.el8_10.22glibc-common-2.28-251.el8_10.22.x86_64.rpm
glibc-develx86_64251.el8_10.22glibc-devel-2.28-251.el8_10.22.x86_64.rpm
glibc-docnoarch251.el8_10.22glibc-doc-2.28-251.el8_10.22.noarch.rpm
glibc-gconv-extrax86_64251.el8_10.22glibc-gconv-extra-2.28-251.el8_10.22.x86_64.rpm
glibc-headersx86_64251.el8_10.22glibc-headers-2.28-251.el8_10.22.x86_64.rpm
glibc-langpack-aax86_64251.el8_10.22glibc-langpack-aa-2.28-251.el8_10.22.x86_64.rpm
glibc-langpack-afx86_64251.el8_10.22glibc-langpack-af-2.28-251.el8_10.22.x86_64.rpm
glibc-langpack-agrx86_64251.el8_10.22glibc-langpack-agr-2.28-251.el8_10.22.x86_64.rpm

Показывать по

Связанные CVE

Исправления

Связанные уязвимости

CVSS3: 7.8
ubuntu
3 месяца назад

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CVSS3: 7
redhat
3 месяца назад

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CVSS3: 7.8
nvd
3 месяца назад

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).

CVSS3: 7.8
debian
3 месяца назад

Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GN ...

suse-cvrf
2 месяца назад

Security update for glibc