Bug 58112 - glibc: Multiple issues (5.2)
Summary: glibc: Multiple issues (5.2)
Status: CLOSED FIXED
Alias: None
Product: UCS
Classification: Unclassified
Component: Security updates
Version: UCS 5.2
Hardware: All Linux
: P3 normal
Target Milestone: UCS 5.2-1-errata
Assignee: Quality Assurance
QA Contact: Felix Botner
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2025-03-24 15:41 CET by Quality Assurance
Modified: 2025-03-26 16:47 CET (History)
0 users

See Also:
What kind of report is it?: Security Issue
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Customer ID:
Max CVSS v3 score: 5.5 (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:H)

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Quality Assurance univentionstaff 2025-03-24 15:41:58 CET 
New Debian glibc 2.36-9+deb12u10 fixes:
This update addresses the following issue:
* glibc: buffer overflow in the GNU C Library's assert() (CVE-2025-0395)
Comment 1 Quality Assurance univentionstaff 2025-03-24 16:00:16 CET 
--- mirror/ftp/pool/main/g/glibc/glibc_2.36-9+deb12u9.dsc
+++ apt/ucs_5.2-0-errata5.2-1/source/glibc_2.36-9+deb12u10.dsc
@@ -1,3 +1,19 @@
+2.36-9+deb12u10 [Thu, 06 Mar 2025 23:46:53 +0100] Aurelien Jarno <aurel32@debian.org>:
+
+  * debian/patches/git-updates.diff: update from upstream stable branch:
+    - Change ldconfig auxcache magic number.
+    - Ensure data passed to the rseq syscall are properly initialized.
+    - Avoid integer truncation when parsing CPUID data with large cache sizes,
+      fixing a memcpy/memmove when running under the FreeBSD's bhyve
+      hypervisor.
+    - Optimize log2/expm1/log1p math functions with FMA.
+    - Fix missing cache information when running under Azure TDX hypervisor.
+    - Fix TLS performance degradation after dlopen() usage.
+    - Fix memset performance for unaligned destinations causing additional
+      loop iterations.
+    - Fixes a buffer overflow when printing assertion failure message
+      (GLIBC-SA-2025-0001 / CVE-2025-0395).
+
 2.36-9+deb12u9 [Fri, 01 Nov 2024 13:42:20 +0100] Aurelien Jarno <aurel32@debian.org>:
 
   * debian/testsuite-xfail-debian.mk: mark tst-support_descriptors as XFAIL,

<http://piuparts.knut.univention.de/5.2-1/#3255506297708753019>
Comment 2 Felix Botner univentionstaff 2025-03-24 17:16:16 CET 
OK: bug
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts

[5.2-1] 68de235762d Bug #58112: glibc 2.36-9+deb12u10
 doc/errata/staging/glibc.yaml | 13 +++++++++++++
 1 file changed, 13 insertions(+)