Source: glibc Version: 2.42-7 Severity: important Tags: security upstream Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=33802 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]> Control: found -1 2.41-12+deb13u1 Control: found -1 2.41-12 Control: found -1 2.36-9+deb12u13 Control: found -1 2.36-9+deb12u7 Control: found -1 2.36-9
Hi, The following vulnerability was published for glibc. CVE-2026-0915[0]: | Calling getnetbyaddr or getnetbyaddr_r with a configured | nsswitch.conf that specifies the library's DNS backend for networks | and queries for a zero-valued network in the GNU C Library version | 2.0 to version 2.42 can leak stack contents to the configured DNS | resolver. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2026-0915 https://www.cve.org/CVERecord?id=CVE-2026-0915 [1] https://sourceware.org/bugzilla/show_bug.cgi?id=33802 Regards, Salvatore
