Message-ID: <3e735842-546e-4f11-b69f-208078a87341@redhat.com>
Date: Tue, 28 Apr 2026 07:50:22 -0400
From: Carlos O'Donell <carlos@...hat.com>
To: oss-security@...ts.openwall.com
Subject: The GNU C Library security advisories update for 2026-04-28

The following security advisories have been published:

GLIBC-SA-2026-0011:
===================
Potential buffer overflow in ns_sprintrrf TSIG handling path

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the
GNU C Library version 2.2 and newer fail to enforce the caller-supplied
buffer length, and can result in an out-of-bounds write when printing
TSIG records.

A defect in the TSIG case handling within ns_sprintrrf performs a
formatted write using sprintf without checking the remaining buffer
length, and may write up to 6 bytes past the end of the buffer.  If the
library is compiled with assertions, and the out-of-bounds write doesn't
terminate the process, then a subsequent check for "len <= *buflen" will
trigger an assertion failure.

These functions are for application debugging only and hence not in the
path of code executed by the DNS resolver. Further, they have been
deprecated since version 2.34 (2021-08-02) and should not be used by any
new applications.  Applications should consider porting away from these
interfaces since they may be removed in future versions.

CVE-Id: CVE-2026-5435
Public-Date: 2026-04-02
Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2)
Reported-by: shinobu

GLIBC-SA-2026-0012:
===================
Buffer overread in ns_printrrf with corrupted RDATA field

The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the
GNU C Library version 2.2 and newer fail to validate the RDATA content
against the RDATA length in a DNS response when processing LOC, CERT,
TKEY or TSIG records, which may allow an attacker to craft a DNS
response, causing a target application to crash or read uninitialized
memory.

These functions are for application debugging only and hence not in the
path of code executed by the DNS resolver.  Further, they have been
deprecated since version 2.34 and should not be used by any new
applications.  Applications should consider porting away from these
interfaces since they may be removed in future versions.

CVE-Id: CVE-2026-6238
Public-Date: 2026-04-11
Vulnerable-Commit: b43b13ac2544b11f35be301d1589b51a8473e32b (2.2)

Notes:
======

Published advisories are available directly in the project git repository:
https://sourceware.org/git/?p=glibc.git;a=tree;f=advisories;hb=HEAD
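
Added example (not glibc code and not part of the advisory): a bounded formatter that applies the two checks the advisories describe as missing, validating each read against the RDATA length and each write against the remaining buffer length. The helper names append_u16 and format_fields, the " %u" field format, the errno values and the sample bytes are assumptions constructed for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not glibc code): append " <u16>" read from
   rdata[off..off+1] to *buf, advancing *buf and shrinking *buflen. */
static int append_u16(const unsigned char *rdata, size_t rdlen, size_t off,
                      char **buf, size_t *buflen)
{
    /* Input side: both bytes must lie inside the declared RDATA length. */
    if (off > rdlen || rdlen - off < 2) {
        errno = EMSGSIZE;
        return -1;
    }
    unsigned int v = ((unsigned int)rdata[off] << 8) | rdata[off + 1];

    /* Output side: snprintf writes at most *buflen bytes and returns the
       length it needed, so a too-small buffer is detected, not overrun. */
    int n = snprintf(*buf, *buflen, " %u", v);
    if (n < 0 || (size_t)n >= *buflen) {
        if (*buflen > 0)
            **buf = '\0';          /* drop the partially written field */
        errno = ENOSPC;
        return -1;
    }
    *buf += n;
    *buflen -= (size_t)n;
    return 0;
}

/* Format `count` consecutive big-endian 16-bit fields into out[cap].
   Returns the number of bytes written (excluding the NUL) or -1. */
static int format_fields(const unsigned char *rdata, size_t rdlen,
                         size_t count, char *out, size_t cap)
{
    char *p = out;
    size_t left = cap;
    if (cap == 0) { errno = ENOSPC; return -1; }
    out[0] = '\0';
    for (size_t i = 0; i < count; i++)
        if (append_u16(rdata, rdlen, 2 * i, &p, &left) < 0)
            return -1;
    return (int)(p - out);
}

int main(void)
{
    static const unsigned char rdata[] = { 0xff, 0xff, 0x00, 0x10 }; /* constructed */
    char out[16];
    int n = format_fields(rdata, sizeof rdata, 2, out, sizeof out);
    printf("%d bytes: \"%s\" (strlen %zu)\n", n, out, strlen(out));
    return n < 0;
}
```

A 16-bit value printed as " %u" needs up to 6 bytes plus the terminator, so the remaining-length check has to run on every field rather than once per record.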
