Описание
Security update for glibc
This update for glibc fixes the following issues:
- CVE-2025-8058: Fixed double-free after allocation failure in regcomp. (bsc#1246965)
Список пакетов
SUSE Linux Enterprise Module for Basesystem 15 SP6
glibc-2.38-150600.14.37.1
glibc-32bit-2.38-150600.14.37.1
glibc-devel-2.38-150600.14.37.1
glibc-extra-2.38-150600.14.37.1
glibc-i18ndata-2.38-150600.14.37.1
glibc-info-2.38-150600.14.37.1
glibc-lang-2.38-150600.14.37.1
glibc-locale-2.38-150600.14.37.1
glibc-locale-base-2.38-150600.14.37.1
glibc-locale-base-32bit-2.38-150600.14.37.1
glibc-profile-2.38-150600.14.37.1
libnsl1-2.38-150600.14.37.1
libnsl1-32bit-2.38-150600.14.37.1
nscd-2.38-150600.14.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
glibc-2.38-150600.14.37.1
glibc-32bit-2.38-150600.14.37.1
glibc-devel-2.38-150600.14.37.1
glibc-extra-2.38-150600.14.37.1
glibc-i18ndata-2.38-150600.14.37.1
glibc-info-2.38-150600.14.37.1
glibc-lang-2.38-150600.14.37.1
glibc-locale-2.38-150600.14.37.1
glibc-locale-base-2.38-150600.14.37.1
glibc-locale-base-32bit-2.38-150600.14.37.1
glibc-profile-2.38-150600.14.37.1
libnsl1-2.38-150600.14.37.1
libnsl1-32bit-2.38-150600.14.37.1
nscd-2.38-150600.14.37.1
SUSE Linux Enterprise Module for Development Tools 15 SP6
glibc-devel-32bit-2.38-150600.14.37.1
glibc-devel-static-2.38-150600.14.37.1
glibc-utils-2.38-150600.14.37.1
SUSE Linux Enterprise Module for Development Tools 15 SP7
glibc-devel-32bit-2.38-150600.14.37.1
glibc-devel-static-2.38-150600.14.37.1
glibc-utils-2.38-150600.14.37.1
openSUSE Leap 15.6
glibc-2.38-150600.14.37.1
glibc-32bit-2.38-150600.14.37.1
glibc-devel-2.38-150600.14.37.1
glibc-devel-32bit-2.38-150600.14.37.1
glibc-devel-static-2.38-150600.14.37.1
glibc-devel-static-32bit-2.38-150600.14.37.1
glibc-extra-2.38-150600.14.37.1
glibc-html-2.38-150600.14.37.1
glibc-i18ndata-2.38-150600.14.37.1
glibc-info-2.38-150600.14.37.1
glibc-lang-2.38-150600.14.37.1
glibc-locale-2.38-150600.14.37.1
glibc-locale-base-2.38-150600.14.37.1
glibc-locale-base-32bit-2.38-150600.14.37.1
glibc-profile-2.38-150600.14.37.1
glibc-profile-32bit-2.38-150600.14.37.1
glibc-utils-2.38-150600.14.37.1
glibc-utils-32bit-2.38-150600.14.37.1
libnsl1-2.38-150600.14.37.1
libnsl1-32bit-2.38-150600.14.37.1
nscd-2.38-150600.14.37.1
Ссылки
- Link for SUSE-SU-2025:02964-1
- E-Mail link for SUSE-SU-2025:02964-1
- SUSE Security Ratings
- SUSE Bug 1240058
- SUSE Bug 1246965
- SUSE CVE CVE-2025-8058 page
Описание
The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.
Затронутые продукты
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-2.38-150600.14.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-32bit-2.38-150600.14.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-devel-2.38-150600.14.37.1
SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-extra-2.38-150600.14.37.1
Ссылки
- CVE-2025-8058
- SUSE Bug 1246965