rpm package
suse/glibc&distro=SUSE Linux Enterprise Server 15 SP6-LTSS
pkg:rpm/suse/glibc&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-4438 | Med | 5.4 | < 2.38-150600.14.46.1 | 2.38-150600.14.46.1 | Mar 20, 2026 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification. | |
| CVE-2026-4437 | Hig | 7.5 | < 2.38-150600.14.46.1 | 2.38-150600.14.46.1 | Mar 20, 2026 | Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c | |
| CVE-2025-15281 | — | < 2.38-150600.14.40.1 | 2.38-150600.14.40.1 | Jan 20, 2026 | Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process. | ||
| CVE-2026-0915 | — | < 2.38-150600.14.40.1 | 2.38-150600.14.40.1 | Jan 15, 2026 | Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver. | ||
| CVE-2026-0861 | — | < 2.38-150600.14.40.1 | 2.38-150600.14.40.1 | Jan 14, 2026 | Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control |
- affected < 2.38-150600.14.46.1fixed 2.38-150600.14.46.1
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.
- affected < 2.38-150600.14.46.1fixed 2.38-150600.14.46.1
Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C Library version 2.34 to version 2.43 could, with a crafted response from the configured DNS server, result in a violation of the DNS specification that c
- CVE-2025-15281Jan 20, 2026affected < 2.38-150600.14.40.1fixed 2.38-150600.14.40.1
Calling wordexp with WRDE_REUSE in conjunction with WRDE_APPEND in the GNU C Library version 2.0 to version 2.42 may cause the interface to return uninitialized memory in the we_wordv member, which on subsequent calls to wordfree may abort the process.
- CVE-2026-0915Jan 15, 2026affected < 2.38-150600.14.40.1fixed 2.38-150600.14.40.1
Calling getnetbyaddr or getnetbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend for networks and queries for a zero-valued network in the GNU C Library version 2.0 to version 2.42 can leak stack contents to the configured DNS resolver.
- CVE-2026-0861Jan 14, 2026affected < 2.38-150600.14.40.1fixed 2.38-150600.14.40.1
Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control