Ubuntu alert USN-8005-1 (glibc)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8005-1] GNU C Library vulnerabilities | |
| Date: | Wed, 04 Feb 2026 02:22:25 +0000 | |
| Message-ID: | <E1vnSXB-0005Oe-MQ@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8005-1 February 03, 2026 glibc vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 25.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Several security issues were fixed in GNU C Library. Software Description: - glibc: GNU C Library Details: Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when WRDE_REUSE is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. (CVE-2025-15281) Anastasia Belova discovered that the GNU C Library incorrectly handled the regcomp function when memory allocation failures occured. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-8058) Igor Morgenstern discovered that the GNU C Library incorrectly handled the memalign function when doing memory allocation. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0861) Igor Morgenstern discovered that the GNU C Library incorrectly handled certain DNS backend when queries for a zero-valued network. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-0915) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 25.10 libc6 2.42-0ubuntu3.1 nscd 2.42-0ubuntu3.1 Ubuntu 24.04 LTS libc6 2.39-0ubuntu8.7 nscd 2.39-0ubuntu8.7 Ubuntu 22.04 LTS libc6 2.35-0ubuntu3.13 nscd 2.35-0ubuntu3.13 Ubuntu 20.04 LTS libc6 2.31-0ubuntu9.18+esm1 Available with Ubuntu Pro nscd 2.31-0ubuntu9.18+esm1 Available with Ubuntu Pro Ubuntu 18.04 LTS libc6 2.27-3ubuntu1.6+esm6 Available with Ubuntu Pro nscd 2.27-3ubuntu1.6+esm6 Available with Ubuntu Pro Ubuntu 16.04 LTS libc6 2.23-0ubuntu11.3+esm9 Available with Ubuntu Pro nscd 2.23-0ubuntu11.3+esm9 Available with Ubuntu Pro After a standard system update you need to reboot your computer to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8005-1 CVE-2025-15281, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915 Package Information: https://launchpad.net/ubuntu/+source/glibc/2.42-0ubuntu3.1 https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.7 https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.13
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmmCrSkACgkQcpJm3tlz hgH+MQ/+JCP4ohRsdrkivjl0uNyz2hhnv5CoIbTsZQawYRjJqnLg18xkgawhjpPP OV8Etg2bf3H702+LVBdanYdLR/Fd98Ysfc0eng2PQldPT9fRWbuVyPVl9pjM8a/R hc0TnH9HVihwx+h8yHfjb9S/XHrta50kKGGcSJqhtPCDhCbRx/xuy8BsGxZM2atE STJ1fAex3Sew671Hi6H4k20Vmtqhyk3q3MD5zWOKIdUtskAWkJ9mkgLHW3cuC7zW V6EXD7pccvGCnsCrql/W0TE12CSxihl8W09wTqFUG/Zzq5ehQ4CPF4QSH+hodEiY +OZbo90krYeG0ta4j6W9GEw5r0+E6lY/O3BPyyfVmSq9ryu3hoVvs6KIbZdJQaAy oiLrxDMWbdHCO/dWR+0xFk+dvnfrATDid064U85XX7IB7YVEijmPByftUlV+A7jA Joi54k0SClshU4S74VSQZDPr6UNlSgkomghY0EOB+HmmewnOEPj4tSl9PsQRfVrb ZjAEPpJlA+hJRKardotbZMO6gfThJ574vmQYDLLtBF8DPu74zn4jF1gJMcSUd/2m HWT6PU1++R3dsSR6uGyZG0BdCEhdFF4Lxk0lAb8kFoMelD5c2/DNMBgw+sXtI4j3 WDVH77a5rv/IGHoOeUPmgm/HOcwT/fXrn1eSCdx7pHi4IMPMZiQ= =d6N1 -----END PGP SIGNATURE-----