glibc-2.42-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:15459-1 Final 1 1 2025-08-18T00:00:00Z current 2025-08-18T00:00:00Z 2025-08-18T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z glibc-2.42-1.1 on GA media These are all security issues fixed in the glibc-2.42-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-15459 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-8058/ SUSE CVE CVE-2025-8058 page openSUSE Tumbleweed glibc-2.42-1.1 glibc-devel-2.42-1.1 glibc-devel-static-2.42-1.1 glibc-extra-2.42-1.1 glibc-gconv-modules-extra-2.42-1.1 glibc-html-2.42-1.1 glibc-i18ndata-2.42-1.1 glibc-info-2.42-1.1 glibc-lang-2.42-1.1 glibc-locale-2.42-1.1 glibc-locale-base-2.42-1.1 glibc-profile-2.42-1.1 glibc-2.42-1.1 as a component of openSUSE Tumbleweed glibc-devel-2.42-1.1 as a component of openSUSE Tumbleweed glibc-devel-static-2.42-1.1 as a component of openSUSE Tumbleweed glibc-extra-2.42-1.1 as a component of openSUSE Tumbleweed glibc-gconv-modules-extra-2.42-1.1 as a component of openSUSE Tumbleweed glibc-html-2.42-1.1 as a component of openSUSE Tumbleweed glibc-i18ndata-2.42-1.1 as a component of openSUSE Tumbleweed glibc-info-2.42-1.1 as a component of openSUSE Tumbleweed glibc-lang-2.42-1.1 as a component of openSUSE Tumbleweed glibc-locale-2.42-1.1 as a component of openSUSE Tumbleweed glibc-locale-base-2.42-1.1 as a component of openSUSE Tumbleweed glibc-profile-2.42-1.1 as a component of openSUSE Tumbleweed The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. CVE-2025-8058 openSUSE Tumbleweed:glibc-2.42-1.1 openSUSE Tumbleweed:glibc-devel-2.42-1.1 openSUSE Tumbleweed:glibc-devel-static-2.42-1.1 openSUSE Tumbleweed:glibc-extra-2.42-1.1 openSUSE Tumbleweed:glibc-gconv-modules-extra-2.42-1.1 openSUSE Tumbleweed:glibc-html-2.42-1.1 openSUSE Tumbleweed:glibc-i18ndata-2.42-1.1 openSUSE Tumbleweed:glibc-info-2.42-1.1 openSUSE Tumbleweed:glibc-lang-2.42-1.1 openSUSE Tumbleweed:glibc-locale-2.42-1.1 openSUSE Tumbleweed:glibc-locale-base-2.42-1.1 openSUSE Tumbleweed:glibc-profile-2.42-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-8058.html CVE-2025-8058 https://bugzilla.suse.com/1246965 SUSE Bug 1246965