--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-a2f3af8a86
2026-01-27 06:42:28.827046+00:00
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 42
Version     : 2.41
Release     : 16.fc42
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update switches the currency symbol for Bulgaria to the Euro.

Furthermore, it addresses several security vulnerabilities:

  * A crash when wordexp is used with WRDE_REUSE (CVE-2025-15281)
  * Information leakage from the stack if getnetbyaddr is called for the
    zero address (CVE-2026-0915)
  * An integer overflow in memalign and related functions if they are
    called with out-of-bounds size/alignment combinations (CVE-2026-0861)

LD_PROFILE is now ignored with a warning if LD_PROFILE_OUTPUT is not
specified, rather than using the insecure /var/tmp default.

The following updates from the upstream stable release branch are applied:

  * nptl: Optimize trylock for high cache contention workloads (BZ #33704)
    (Sunil K Pandey)
  * sprof: fix -Wformat warnings on 32-bit hosts (Collin Funk)
  * sprof: check pread size and offset for overflow (DJ Delorie)

--------------------------------------------------------------------------------
ChangeLog:

* Fri Jan 23 2026 Florian Weimer <[email protected]> - 2.41-16
- Ignore LD_PROFILE if LD_PROFILE_OUTPUT is not set (#2432405)
* Fri Jan 23 2026 Florian Weimer <[email protected]> - 2.41-15
- Auto-sync with upstream branch release/2.41/master,
  commit fb4db64a04ad6c96cd1fbb7e02eb59323b1f2ac2:
- posix: Reset wordexp_t fields with WRDE_REUSE (CVE-2025-15281)
- resolv: Fix NSS DNS backend for getnetbyaddr (CVE-2026-0915)
- memalign: reinstate alignment overflow check (CVE-2026-0861)
* Tue Jan 13 2026 Florian Weimer <[email protected]> - 2.41-14
- Switch currency symbol for the bg_BG locale to euro (#2429016)
* Mon Jan 12 2026 Frédéric Bérat <[email protected]> - 2.41-13
- Auto-sync with upstream branch master,
  commit c96b4ed1e26f06ebc56c17ba2c29d1647be68c1e:
- nptl: Optimize trylock for high cache contention workloads (BZ #33704) (Sunil K Pandey)
- support: Exit on consistency check failure in resolv_response_add_name (Florian Weimer)
- support: Fix FILE * leak in check_for_unshare_hints in test-container (Florian Weimer)
- sprof: fix -Wformat warnings on 32-bit hosts (Collin Funk)
- sprof: check pread size and offset for overflow (DJ Delorie)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2429016 - glibc: Bulgaria joined the eurozone
        https://bugzilla.redhat.com/show_bug.cgi?id=2429016
  [ 2 ] Bug #2430076 - CVE-2026-0861 glibc: Integer overflow in memalign leads to heap corruption [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2430076
  [ 3 ] Bug #2430319 - CVE-2026-0915 glibc: glibc: Information disclosure via zero-valued network query [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2430319
  [ 4 ] Bug #2431279 - CVE-2025-15281 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory [fedora-42]
        https://bugzilla.redhat.com/show_bug.cgi?id=2431279
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-a2f3af8a86' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
