Advisories » MGASA-2025-0026

Updated glibc packages fix security vulnerability

Publication date: 26 Jan 2025
Modification date: 26 Jan 2025
Type: security
Affected Mageia releases : 9
CVE: CVE-2025-0395

Description

When the assert() function in the GNU C Library versions 2.13 to 2.40
fails, it does not allocate enough space for the assertion failure
message string and size information, which may lead to a buffer overflow
if the message string size aligns to page size. (CVE-2025-0395)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=33953
• https://www.openwall.com/lists/oss-security/2025/01/22/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0395

SRPMS

9/core

• glibc-2.36-55.mga9