Security update for glibc-livepatches SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2026:20608-1 Final 1 1 2026-02-19T13:54:03Z current 2026-02-19T13:54:03Z 2026-02-19T13:54:03Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for glibc-livepatches This update for glibc-livepatches fixes the following issues: Changes in glibc-livepatches: - CVE-2026-0861: Fixed inadequate size check in the memalign suite may result in an integer overflow (bsc#1256913) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLES-16.0-301 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2026/suse-su-202620608-1/ Link for SUSE-SU-2026:20608-1 https://lists.suse.com/pipermail/sle-security-updates/2026-March/024608.html E-Mail link for SUSE-SU-2026:20608-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1226501 SUSE Bug 1226501 https://bugzilla.suse.com/1228879 SUSE Bug 1228879 https://bugzilla.suse.com/1256913 SUSE Bug 1256913 https://www.suse.com/security/cve/CVE-2026-0861/ SUSE CVE CVE-2026-0861 page SUSE Linux Enterprise Server 16.0 SUSE Linux Enterprise Server for SAP applications 16.0 glibc-livepatches-0.3-160000.1.1 glibc-livepatches-0.3-160000.1.1 as a component of SUSE Linux Enterprise Server 16.0 glibc-livepatches-0.3-160000.1.1 as a component of SUSE Linux Enterprise Server for SAP applications 16.0 Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption. Note that the attacker must have control over both, the size as well as the alignment arguments of the memalign function to be able to exploit this. The size parameter must be close enough to PTRDIFF_MAX so as to overflow size_t along with the large alignment argument. This limits the malicious inputs for the alignment for memalign to the range [1<<62+ 1, 1<<63] and exactly 1<<63 for posix_memalign and aligned_alloc. Typically the alignment argument passed to such functions is a known constrained quantity (e.g. page size, block size, struct sizes) and is not attacker controlled, because of which this may not be easily exploitable in practice. An application bug could potentially result in the input alignment being too large, e.g. due to a different buffer overflow or integer overflow in the application or its dependent libraries, but that is again an uncommon usage pattern given typical sources of alignments. CVE-2026-0861 SUSE Linux Enterprise Server 16.0:glibc-livepatches-0.3-160000.1.1 SUSE Linux Enterprise Server for SAP applications 16.0:glibc-livepatches-0.3-160000.1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2026/suse-su-202620608-1/ https://www.suse.com/security/cve/CVE-2026-0861.html CVE-2026-0861 https://bugzilla.suse.com/1256766 SUSE Bug 1256766 https://bugzilla.suse.com/1256913 SUSE Bug 1256913