The GNU C Library version 2.43 is now available

Created on 2026-01-25 19:26, updated on 2026-01-25 19:26, by Alexandre Dulaunoy
JSON
Description

Security related changes:

The following CVEs were fixed in this release, details of which can be found in the advisories directory of the release tarball:

GLIBC-SA-2026-0001: Integer overflow in memalign leads to heap corruption (CVE-2026-0861)

GLIBC-SA-2026-0002: getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler (CVE-2026-0915)

GLIBC-SA-2026-0003: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory (CVE-2025-15281)

For more details: https://lists.gnu.org/archive/html/info-gnu/2026-01/msg00005.html

Vulnerabilities included in this bundle
Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings
Author Vulnerability Source Type Date