|
|
Subscribe / Log in / New account

Ubuntu alert USN-7760-1 (glibc)



From:
              noreply+usn-bot@canonical.com


To:
              ubuntu-security-announce@lists.ubuntu.com


Subject:
              [USN-7760-1] GNU C Library vulnerability


Date:
              Mon, 22 Sep 2025 18:58:37 +0000


Message-ID:
              <E1v0lkD-0001Qc-QH@lists.ubuntu.com>


==========================================================================
Ubuntu Security Notice USN-7760-1
September 22, 2025

glibc vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.04
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

GNU C Library could be made to crash or run programs if it received
specially crafted input.

Software Description:
- glibc: GNU C Library

Details:

It was discovered that the GNU C Library incorrectly handled the regcomp
function when memory allocation failures occured. An attacker could use
this issue to cause applications to crash, leading to a denial of service,
or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.04
  libc6                           2.41-6ubuntu1.2

Ubuntu 24.04 LTS
  libc6                           2.39-0ubuntu8.6

Ubuntu 22.04 LTS
  libc6                           2.35-0ubuntu3.11

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7760-1
  CVE-2025-8058

Package Information:
  https://launchpad.net/ubuntu/+source/glibc/2.41-6ubuntu1.2
  https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.6
  https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.11




Attachment: signature.asc (type=application/pgp-signature)

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmjRnE8ACgkQcpJm3tlz
hgFbxBAAmOpoKn+1VUujYiMc36cftrDoQEVYGGyy732QTKqdyp1xVTl0+qEs+Hvv
WUlnq7pWcqWLIfSb/t5n0TmM+YdD3iprP9kqR6f/a2qF3lZdGnX3+mXAOVbbzOG6
LzcTjJY2cx5P2uwx+ZoFvI1NFGyOiowjSrt92HjMNbzcoBUmtxikqaRvSa6mO3Xg
tOxJxkfRXPIIMP1eXhfom+uh+OeBeVSjALiw04Yoeh+PR8jD8eg8NSsMlajdJFLU
9ULTpEdBigvyOWX2XAIE7Ro5kQ1exW+WpCBSMAOte7kil+hhMqWRIsqagnaT4smG
hQozvlwzUccsCM3ZLf+QksVc+chNDuTR+OwwIvMs2GtQBU5iWHNuHFCynJQjyIxm
eXnO5XK5HUM2PHX2h0TkivaXrY03OQl7LawalHJc9CqXl4dQA6HJ6HPBCyWIaNK1
brK8KXUw6FCfF9DMrBbHWovtGnHDB5TdmZJlNm/2p6k9jvdPDUeRe41FifeWMlmY
HrFRwOQJ51SBPhmhh/LeN8SgSVEPLk5BIWWxMKEA03HuKsSeaGSVLNMlHViDkr0x
iyvekTAAxnl3WfQJC6Y0eXNsPDJXc/hGIVaO7IiYqcKGepjprBD0HWtXM9lugdbK
OLQEW4QIBZ9vV55IyeEtGSA9ziLmTVCdSGz9R8i39P7MpHWFWvs=
=XSMt
-----END PGP SIGNATURE-----
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds