Security update for glibc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01702-1 Final 1 1 2025-05-24T09:50:54Z current 2025-05-24T09:50:54Z 2025-05-24T09:50:54Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: - CVE-2025-4802: possible execution of attacker controlled code when statically linked setuid binaries using dlopen search for libraries to load in LD_LIBRARY_PATH (bsc#1243317). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-1702,SUSE-SLE-Module-Basesystem-15-SP6-2025-1702,SUSE-SLE-Module-Development-Tools-15-SP6-2025-1702,openSUSE-SLE-15.6-2025-1702 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501702-1/ Link for SUSE-SU-2025:01702-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039341.html E-Mail link for SUSE-SU-2025:01702-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1243317 SUSE Bug 1243317 https://www.suse.com/security/cve/CVE-2025-4802/ SUSE CVE CVE-2025-4802 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Development Tools 15 SP6 openSUSE Leap 15.6 glibc-2.38-150600.14.32.1 glibc-32bit-2.38-150600.14.32.1 glibc-devel-2.38-150600.14.32.1 glibc-extra-2.38-150600.14.32.1 glibc-i18ndata-2.38-150600.14.32.1 glibc-info-2.38-150600.14.32.1 glibc-lang-2.38-150600.14.32.1 glibc-locale-2.38-150600.14.32.1 glibc-locale-base-2.38-150600.14.32.1 glibc-locale-base-32bit-2.38-150600.14.32.1 glibc-profile-2.38-150600.14.32.1 libnsl1-2.38-150600.14.32.1 libnsl1-32bit-2.38-150600.14.32.1 nscd-2.38-150600.14.32.1 glibc-devel-32bit-2.38-150600.14.32.1 glibc-devel-static-2.38-150600.14.32.1 glibc-utils-2.38-150600.14.32.1 glibc-devel-static-32bit-2.38-150600.14.32.1 glibc-html-2.38-150600.14.32.1 glibc-profile-32bit-2.38-150600.14.32.1 glibc-utils-32bit-2.38-150600.14.32.1 glibc-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-32bit-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-devel-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-extra-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-i18ndata-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-info-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-lang-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-locale-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-locale-base-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-locale-base-32bit-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-profile-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libnsl1-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 libnsl1-32bit-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 nscd-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 glibc-devel-32bit-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 glibc-devel-static-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 glibc-utils-2.38-150600.14.32.1 as a component of SUSE Linux Enterprise Module for Development Tools 15 SP6 glibc-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-devel-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-devel-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-devel-static-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-devel-static-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-extra-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-html-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-i18ndata-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-info-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-lang-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-locale-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-locale-base-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-locale-base-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-profile-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-profile-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-utils-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 glibc-utils-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 libnsl1-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 libnsl1-32bit-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 nscd-2.38-150600.14.32.1 as a component of openSUSE Leap 15.6 Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). CVE-2025-4802 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-32bit-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-devel-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-extra-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-i18ndata-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-info-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-lang-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-locale-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-locale-base-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-locale-base-32bit-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:glibc-profile-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libnsl1-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:libnsl1-32bit-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Basesystem 15 SP6:nscd-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:glibc-devel-32bit-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:glibc-devel-static-2.38-150600.14.32.1 SUSE Linux Enterprise Module for Development Tools 15 SP6:glibc-utils-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-devel-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-devel-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-devel-static-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-devel-static-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-extra-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-html-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-i18ndata-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-info-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-lang-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-locale-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-locale-base-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-locale-base-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-profile-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-profile-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-utils-2.38-150600.14.32.1 openSUSE Leap 15.6:glibc-utils-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:libnsl1-2.38-150600.14.32.1 openSUSE Leap 15.6:libnsl1-32bit-2.38-150600.14.32.1 openSUSE Leap 15.6:nscd-2.38-150600.14.32.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501702-1/ https://www.suse.com/security/cve/CVE-2025-4802.html CVE-2025-4802 https://bugzilla.suse.com/1243317 SUSE Bug 1243317 https://bugzilla.suse.com/1243318 SUSE Bug 1243318