Fedora alert FEDORA-2026-ced72ab158 (glibc)
| From: | updates--- via package-announce <package-announce@lists.fedoraproject.org> | |
| To: | package-announce@lists.fedoraproject.org | |
| Subject: | [SECURITY] Fedora 44 Update: glibc-2.43-4.fc44 | |
| Date: | Sat, 02 May 2026 02:12:16 +0000 | |
| Message-ID: | <20260502021216.5A81C8C974@bastion01.rdu3.fedoraproject.org> | |
| Archive-link: | Article |
-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ced72ab158 2026-05-02 02:10:24.452838+00:00 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 44 Version : 2.43 Release : 4.fc44 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: This update provides various security fixes. Buffer overflow in scanf %mc (CVE-2026-5450) ns_sprintrrf buffer overreads (CVE-2026-6238) ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435) Memory corruption in ungetwc (CVE-2026-5928) Assertion failure in iconv with IBM1390, IBM1399 charsets (CVE-2026-4046) -------------------------------------------------------------------------------- ChangeLog: * Thu Apr 30 2026 Florian Weimer <fweimer@redhat.com> - 2.43-4 - Add downstream patches with fixes for vulnerabilities. - Fix buffer overflow in scanf %mc (CVE-2026-5450) - Fix ns_sprintrrf buffer overreads (CVE-2026-6238) - Fix ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435) - Fix memory corruption in ungetwc (CVE-2026-5928) - Auto-sync with upstream branch release/2.43/master, commit 8362e8ce10b24068bacc19552c128dd10e082fd9: - iconv: Use pending character state in IBM1390, IBM1399 character sets (CVE-2026-4046) -------------------------------------------------------------------------------- References: [ 1 ] Bug #2453212 - CVE-2026-4046 glibc: glibc: Denial of Service via iconv() function with specific character sets [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453212 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ced72ab158' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgr... All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@lists.fedoraproject.org To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-cond... List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-ann... Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new