Security update for glibc SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:20332-1 Final 1 1 2025-05-21T11:04:20Z current 2025-05-21T11:04:20Z 2025-05-21T11:04:20Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc This update for glibc fixes the following issues: - CVE-2025-4802: Fixed local root exploits when using static built setuid root applications. (elf: Ignore LD_LIBRARY_PATH and debug env var for setuid for static) (bsc#1243317) - pthreads NPTL: lost wakeup fix 2 (bsc#1234128, BZ #25847) - Mark functions in libc_nonshared.a as hidden (bsc#1239883) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Micro-6.0-328 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202520332-1/ Link for SUSE-SU-2025:20332-1 https://lists.suse.com/pipermail/sle-updates/2025-May/039442.html E-Mail link for SUSE-SU-2025:20332-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1234128 SUSE Bug 1234128 https://bugzilla.suse.com/1239883 SUSE Bug 1239883 https://bugzilla.suse.com/1243317 SUSE Bug 1243317 https://www.suse.com/security/cve/CVE-2025-4802/ SUSE CVE CVE-2025-4802 page SUSE Linux Micro 6.0 glibc-2.38-9.1 glibc-devel-2.38-9.1 glibc-locale-2.38-9.1 glibc-locale-base-2.38-9.1 glibc-2.38-9.1 as a component of SUSE Linux Micro 6.0 glibc-devel-2.38-9.1 as a component of SUSE Linux Micro 6.0 glibc-locale-2.38-9.1 as a component of SUSE Linux Micro 6.0 glibc-locale-base-2.38-9.1 as a component of SUSE Linux Micro 6.0 Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo). CVE-2025-4802 SUSE Linux Micro 6.0:glibc-2.38-9.1 SUSE Linux Micro 6.0:glibc-devel-2.38-9.1 SUSE Linux Micro 6.0:glibc-locale-2.38-9.1 SUSE Linux Micro 6.0:glibc-locale-base-2.38-9.1 critical To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202520332-1/ https://www.suse.com/security/cve/CVE-2025-4802.html CVE-2025-4802 https://bugzilla.suse.com/1243317 SUSE Bug 1243317 https://bugzilla.suse.com/1243318 SUSE Bug 1243318