VYPR

rpm package

almalinux/glibc-langpack-ssy

pkg:rpm/almalinux/glibc-langpack-ssy

Vulnerabilities (6)

  • CVE-2026-5450CriApr 20, 2026
    affected < 2.39-126.el10_2.alma.1fixed 2.39-126.el10_2.alma.1

    Calling the scanf family of functions with a %mc (malloc'd character match) in the GNU C Library version 2.7 to version 2.43 with a format width specifier with an explicit width greater than 1024 could result in a one byte heap buffer overflow.

  • CVE-2026-4046HigMar 30, 2026
    affected < 2.39-124.el10_2.alma.1fixed 2.39-124.el10_2.alma.1

    The iconv() function in the GNU C Library versions 2.43 and earlier may crash due to an assertion failure when converting inputs from the IBM1390 or IBM1399 character sets, which may be used to remotely crash an application. This vulnerability can be trivially mitigated by rem

  • CVE-2026-4438MedMar 20, 2026
    affected < 2.39-121.el10_2.alma.1fixed 2.39-121.el10_2.alma.1

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

  • CVE-2026-4437HigMar 20, 2026
    affected < 2.39-121.el10_2.alma.1fixed 2.39-121.el10_2.alma.1

    Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c

  • CVE-2026-0915Jan 15, 2026
    affected < 2.39-58.el10_1.7.alma.1fixed 2.39-58.el10_1.7.alma.1

    Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.

  • CVE-2026-0861Jan 14, 2026
    affected < 2.39-58.el10_1.7.alma.1fixed 2.39-58.el10_1.7.alma.1

    Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control