-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-ced72ab158 2026-05-02 02:10:24.452838+00:00 --------------------------------------------------------------------------------
Name : glibc Product : Fedora 44 Version : 2.43 Release : 4.fc44 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
-------------------------------------------------------------------------------- Update Information:
This update provides various security fixes. Buffer overflow in scanf %mc (CVE-2026-5450) ns_sprintrrf buffer overreads (CVE-2026-6238) ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435) Memory corruption in ungetwc (CVE-2026-5928) Assertion failure in iconv with IBM1390, IBM1399 charsets (CVE-2026-4046) -------------------------------------------------------------------------------- ChangeLog:
* Thu Apr 30 2026 Florian Weimer fweimer@redhat.com - 2.43-4 - Add downstream patches with fixes for vulnerabilities. - Fix buffer overflow in scanf %mc (CVE-2026-5450) - Fix ns_sprintrrf buffer overreads (CVE-2026-6238) - Fix ns_sprintrrf buffer overflow in TSIG record processing (CVE-2026-5435) - Fix memory corruption in ungetwc (CVE-2026-5928) - Auto-sync with upstream branch release/2.43/master, commit 8362e8ce10b24068bacc19552c128dd10e082fd9: - iconv: Use pending character state in IBM1390, IBM1399 character sets (CVE-2026-4046) -------------------------------------------------------------------------------- References:
[ 1 ] Bug #2453212 - CVE-2026-4046 glibc: glibc: Denial of Service via iconv() function with specific character sets [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453212 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-ced72ab158' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------