update: glibc #1621

dongsupark · 2025-01-27T10:00:21Z

Name: glibc
CVEs: CVE-2025-0395
CVSSs: n/a
Action Needed: update to >= 2.40-r8

Summary: When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.

See also https://seclists.org/oss-sec/2025/q1/48.

refmap.gentoo: https://bugs.gentoo.org/948592

dongsupark added advisory security advisory security security concerns labels Jan 27, 2025

dongsupark added this to Flatcar tactical, release planning, and roadmap Jan 27, 2025

github-project-automation bot moved this to 📝 Needs Triage in Flatcar tactical, release planning, and roadmap Jan 27, 2025

dongsupark moved this from 📝 Needs Triage to 🪵Backlog in Flatcar tactical, release planning, and roadmap Jan 27, 2025

krnowak mentioned this issue Jan 27, 2025

Weekly portage-stable package updates 2025-01-27 flatcar/scripts#2614

Merged

2 tasks

dongsupark moved this from 🪵Backlog to ⚒️ In Progress in Flatcar tactical, release planning, and roadmap Jan 28, 2025

krnowak closed this as completed in flatcar/scripts#2614 Feb 7, 2025

github-project-automation bot moved this from ⚒️ In Progress to Implemented in Flatcar tactical, release planning, and roadmap Feb 7, 2025

github-actions bot mentioned this issue Feb 22, 2025

Monthly contributions report 2025-01-22 - 2025-02-21 #1658

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

update: glibc #1621

update: glibc #1621

dongsupark commented Jan 27, 2025

update: glibc #1621

update: glibc #1621

Comments

dongsupark commented Jan 27, 2025