Updated glibc packages fix security vulnerability
Publication date: 24 May 2025
Modification date: 24 May 2025
Type: security
Affected Mageia releases: 9
CVE: CVE-2025-4802
Description
An untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library versions 2.27 to 2.38 allows attacker-controlled loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). (CVE-2025-4802)
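For triage, the binaries this description covers can be inventoried by looking for setuid files whose ELF program headers carry no PT_INTERP segment, which is how static and static-pie executables appear on disk. The Python script below is an added example, not part of the Mageia advisory. Its function names and default search roots are assumptions, and it does not determine which glibc version a binary was linked against or whether it calls dlopen.

```python
import os, stat, struct, sys

PT_LOAD, PT_INTERP = 1, 3   # PT_INTERP names the dynamic loader (ld.so)
ET_EXEC, ET_DYN = 2, 3      # ET_DYN without PT_INTERP: static-pie (or a shared object)

def is_static_elf(data: bytes) -> bool:
    """True if data starts an ELF executable image that has no PT_INTERP segment."""
    if len(data) < 0x40 or data[:4] != b"\x7fELF" or data[4] not in (1, 2) or data[5] not in (1, 2):
        return False
    e = "<" if data[5] == 1 else ">"          # EI_DATA: byte order
    (e_type,) = struct.unpack_from(e + "H", data, 0x10)
    if e_type not in (ET_EXEC, ET_DYN):
        return False
    if data[4] == 2:                          # ELF64 header layout
        (phoff,) = struct.unpack_from(e + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x36)
    else:                                     # ELF32 header layout
        (phoff,) = struct.unpack_from(e + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(e + "HH", data, 0x2A)
    for i in range(phnum):
        off = phoff + i * phentsize           # p_type is the first field in both classes
        if off + 4 > len(data) or struct.unpack_from(e + "I", data, off)[0] == PT_INTERP:
            return False                      # dynamic, or headers beyond what was read
    return phnum > 0

def find_static_setuid(roots):
    """Walk roots and return regular setuid files that parse as static ELF."""
    hits = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                path = os.path.join(dirpath, name)
                try:
                    st = os.lstat(path)       # lstat: do not follow symlinks
                    if stat.S_ISREG(st.st_mode) and st.st_mode & stat.S_ISUID:
                        with open(path, "rb") as fh:
                            if is_static_elf(fh.read(65536)):
                                hits.append(path)
                except OSError:
                    continue                  # unreadable entry: skip it
    return sorted(hits)

def sample_elf64(p_types):
    """Constructed test input: little-endian ELF64 header plus bare program headers."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", ET_EXEC, 62, 1, 0, 0x40, 0, 0, 0x40, 56, len(p_types), 0, 0, 0)
    return hdr + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":                    # default roots are an assumption
    print("\n".join(find_static_setuid(sys.argv[1:] or ["/usr", "/bin", "/sbin"])))
```

Any path it reports contains its own copy of the C library, so it has to be relinked against the fixed glibc rather than relying on the package update alone.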
References
SRPMS
9/core
- glibc-2.36-56.mga9