Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2026-5358 (GCVE-0-2026-5358)
Vulnerability from cvelistv5 – Published: 2026-04-20 20:37 – Updated: 2026-04-22 13:04REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been discovered that no NIS+ client or server was ever released for any Linux-based OS distributions and as such this makes the API provisional and unused. Secondly it has been discovered that the NIS+ cold start cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API can only be called with a trusted server from the pre-populated cache. The use of a trusted server means no trust boundary is crossed and this is therefore considered a normal bug.
Show details on NVD website{
"containers": {
"cna": {
"providerMetadata": {
"dateUpdated": "2026-04-22T13:04:20.656Z",
"orgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"shortName": "glibc"
},
"rejectedReasons": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cspan\u003eREJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been\u0026nbsp;\u003c/span\u003e\u003cspan\u003ediscovered that no NIS+ client or server was ever released for any\u0026nbsp;\u003c/span\u003e\u003cspan\u003eLinux-based OS distributions and as such this makes the API provisional\u0026nbsp;\u003c/span\u003e\u003cspan\u003eand unused. Secondly it has been discovered that the NIS+ cold start\u0026nbsp;\u003c/span\u003e\u003cspan\u003ecache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API\u0026nbsp;\u003c/span\u003e\u003cspan\u003ecan only be called with a trusted server from the pre-populated cache.\u0026nbsp;\u003c/span\u003e\u003cspan\u003eThe use of a trusted server means no trust boundary is crossed and this\u0026nbsp;\u003c/span\u003e\u003cspan\u003eis therefore considered a normal bug.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e"
}
],
"value": "REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been\u00a0discovered that no NIS+ client or server was ever released for any\u00a0Linux-based OS distributions and as such this makes the API provisional\u00a0and unused. Secondly it has been discovered that the NIS+ cold start\u00a0cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API\u00a0can only be called with a trusted server from the pre-populated cache.\u00a0The use of a trusted server means no trust boundary is crossed and this\u00a0is therefore considered a normal bug."
}
],
"x_generator": {
"engine": "Vulnogram 1.0.1"
}
}
},
"cveMetadata": {
"assignerOrgId": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"assignerShortName": "glibc",
"cveId": "CVE-2026-5358",
"datePublished": "2026-04-20T20:37:23.178Z",
"dateRejected": "2026-04-22T13:04:20.656Z",
"dateReserved": "2026-04-01T17:07:51.437Z",
"dateUpdated": "2026-04-22T13:04:20.656Z",
"state": "REJECTED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2026-5358",
"date": "2026-04-22",
"epss": "0.0004",
"percentile": "0.12183"
},
"microsoft_vex": {
"current_release_date": "2026-06-03T01:40:08.000Z",
"cve": "CVE-2026-5358",
"id": "msrc_CVE-2026-5358",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"product_status:known_affected": "3",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "Static buffer overflow in deprecated nis_local_principal",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-5358.json",
"version": "3"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2026-5358\",\"sourceIdentifier\":\"3ff69d7a-14f2-4f67-a097-88dee7810d18\",\"published\":\"2026-04-20T21:16:36.713\",\"lastModified\":\"2026-04-22T14:17:05.687\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been\u00a0discovered that no NIS+ client or server was ever released for any\u00a0Linux-based OS distributions and as such this makes the API provisional\u00a0and unused. Secondly it has been discovered that the NIS+ cold start\u00a0cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API\u00a0can only be called with a trusted server from the pre-populated cache.\u00a0The use of a trusted server means no trust boundary is crossed and this\u00a0is therefore considered a normal bug.\"}],\"metrics\":{},\"references\":[]}}",
"redhat_vex": {
"aggregate_severity": "None",
"current_release_date": "2026-06-28T07:44:44+00:00",
"cve": "CVE-2026-5358",
"id": "CVE-2026-5358",
"initial_release_date": "2026-04-20T20:37:23.178000+00:00",
"product_status:known_not_affected": "675",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "glibc: glibc: Data corruption or denial of service via buffer overflow in nis_local_principal function",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-5358.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"3ff69d7a-14f2-4f67-a097-88dee7810d18\", \"shortName\": \"glibc\", \"dateUpdated\": \"2026-04-22T13:04:20.656Z\"}, \"rejectedReasons\": [{\"lang\": \"en\", \"value\": \"REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been\\u00a0discovered that no NIS+ client or server was ever released for any\\u00a0Linux-based OS distributions and as such this makes the API provisional\\u00a0and unused. Secondly it has been discovered that the NIS+ cold start\\u00a0cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API\\u00a0can only be called with a trusted server from the pre-populated cache.\\u00a0The use of a trusted server means no trust boundary is crossed and this\\u00a0is therefore considered a normal bug.\", \"supportingMedia\": [{\"type\": \"text/html\", \"base64\": false, \"value\": \"\u003cdiv\u003e\u003cspan\u003eREJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been\u0026nbsp;\u003c/span\u003e\u003cspan\u003ediscovered that no NIS+ client or server was ever released for any\u0026nbsp;\u003c/span\u003e\u003cspan\u003eLinux-based OS distributions and as such this makes the API provisional\u0026nbsp;\u003c/span\u003e\u003cspan\u003eand unused. Secondly it has been discovered that the NIS+ cold start\u0026nbsp;\u003c/span\u003e\u003cspan\u003ecache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API\u0026nbsp;\u003c/span\u003e\u003cspan\u003ecan only be called with a trusted server from the pre-populated cache.\u0026nbsp;\u003c/span\u003e\u003cspan\u003eThe use of a trusted server means no trust boundary is crossed and this\u0026nbsp;\u003c/span\u003e\u003cspan\u003eis therefore considered a normal bug.\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\u003cdiv\u003e\u003cspan\u003e\u003cbr\u003e\u003c/span\u003e\u003c/div\u003e\"}]}], \"x_generator\": {\"engine\": \"Vulnogram 1.0.1\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2026-5358\", \"assignerOrgId\": \"3ff69d7a-14f2-4f67-a097-88dee7810d18\", \"state\": \"REJECTED\", \"assignerShortName\": \"glibc\", \"dateReserved\": \"2026-04-01T17:07:51.437Z\", \"datePublished\": \"2026-04-20T20:37:23.178Z\", \"dateUpdated\": \"2026-04-22T13:04:20.656Z\", \"dateRejected\": \"2026-04-22T13:04:20.656Z\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
FKIE_CVE-2026-5358
Vulnerability from fkie_nvd - Published: 2026-04-20 21:16 - Updated: 2026-04-22 14:17| URL | Tags |
|---|
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Rejected reason: REJECTED: CVE-2026-5358 is rejected for two reasons. Firstly it has been\u00a0discovered that no NIS+ client or server was ever released for any\u00a0Linux-based OS distributions and as such this makes the API provisional\u00a0and unused. Secondly it has been discovered that the NIS+ cold start\u00a0cache (/var/nis/NIS_COLD_START) cannot be bypassed and as such the API\u00a0can only be called with a trusted server from the pre-populated cache.\u00a0The use of a trusted server means no trust boundary is crossed and this\u00a0is therefore considered a normal bug."
}
],
"id": "CVE-2026-5358",
"lastModified": "2026-04-22T14:17:05.687",
"metrics": {},
"published": "2026-04-20T21:16:36.713",
"references": [],
"sourceIdentifier": "3ff69d7a-14f2-4f67-a097-88dee7810d18",
"vulnStatus": "Rejected"
}
GHSA-JJ2G-XQ7W-GF88
Vulnerability from github – Published: 2026-04-20 21:31 – Updated: 2026-04-21 21:31The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.
NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.
{
"affected": [],
"aliases": [
"CVE-2026-5358"
],
"database_specific": {
"cwe_ids": [
"CWE-120"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-20T21:16:36Z",
"severity": "CRITICAL"
},
"details": "The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application.\n\nNIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.",
"id": "GHSA-jj2g-xq7w-gf88",
"modified": "2026-04-21T21:31:21Z",
"published": "2026-04-20T21:31:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-5358"
},
{
"type": "WEB",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34067"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"type": "CVSS_V3"
}
]
}
MSRC_CVE-2026-5358
Vulnerability from csaf_microsoft - Published: 2026-04-02 00:00 - Updated: 2026-06-03 01:40| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: 17084-1 | — |
None Available
|
|
| Unresolved product id: 17084-2 | — |
None Available
|
|
| Unresolved product id: 17086-3 | — |
None Available
|
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2026/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-5358.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Static buffer overflow in deprecated nis_local_principal",
"tracking": {
"current_release_date": "2026-06-03T01:40:08.000Z",
"generator": {
"date": "2026-06-03T07:57:49.886Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2026-5358",
"initial_release_date": "2026-04-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-04-22T01:01:24.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2026-04-23T01:01:23.000Z",
"legacy_version": "2",
"number": "2",
"summary": "Information published."
},
{
"date": "2026-06-03T01:40:08.000Z",
"legacy_version": "3",
"number": "3",
"summary": "Information published."
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
},
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 glibc 0:2.38-20.azl3",
"product": {
"name": "azl3 glibc 0:2.38-20.azl3",
"product_id": "1"
}
},
{
"category": "product_version_range",
"name": "azl3 glibc 0:2.38-19.azl3",
"product": {
"name": "azl3 glibc 0:2.38-19.azl3",
"product_id": "2"
}
},
{
"category": "product_version_range",
"name": "cbl2 glibc 0:2.35-10.cbl2",
"product": {
"name": "cbl2 glibc 0:2.35-10.cbl2",
"product_id": "3"
}
}
],
"category": "product_name",
"name": "glibc"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 glibc 0:2.38-20.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 glibc 0:2.38-19.azl3 as a component of Azure Linux 3.0",
"product_id": "17084-2"
},
"product_reference": "2",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 glibc 0:2.35-10.cbl2 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5358",
"cwe": {
"id": "CWE-120",
"name": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)"
},
"notes": [
{
"category": "general",
"text": "glibc",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1",
"17084-2",
"17086-3"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2026-5358 Static buffer overflow in deprecated nis_local_principal - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2026-5358.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-04-22T01:01:24.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
},
{
"category": "none_available",
"date": "2026-04-22T01:01:24.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-2"
]
},
{
"category": "none_available",
"date": "2026-04-22T01:01:24.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17086-3"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"17084-1",
"17084-2",
"17086-3"
]
}
],
"title": "Static buffer overflow in deprecated nis_local_principal"
}
]
}
ubuntu-cve-2026-5358
Vulnerability from osv_ubuntu
(The obsolete nis_local_principal function in the GNU C Library version ...)
{
"affected": [
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "eglibc-source",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc-bin",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.19-0ubuntu6.15+esm4"
},
{
"binary_name": "nscd",
"binary_version": "2.19-0ubuntu6.15+esm4"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "eglibc",
"purl": "pkg:deb/ubuntu/eglibc@2.19-0ubuntu6.15+esm4?arch=source\u0026distro=esm-infra-legacy/trusty"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.17-93ubuntu4",
"2.18-0ubuntu1",
"2.18-0ubuntu2",
"2.18-0ubuntu4",
"2.18-0ubuntu5",
"2.18-0ubuntu6",
"2.18-0ubuntu7",
"2.19-0ubuntu2",
"2.19-0ubuntu3",
"2.19-0ubuntu4",
"2.19-0ubuntu5",
"2.19-0ubuntu6",
"2.19-0ubuntu6.1",
"2.19-0ubuntu6.3",
"2.19-0ubuntu6.4",
"2.19-0ubuntu6.5",
"2.19-0ubuntu6.6",
"2.19-0ubuntu6.7",
"2.19-0ubuntu6.8",
"2.19-0ubuntu6.9",
"2.19-0ubuntu6.10",
"2.19-0ubuntu6.11",
"2.19-0ubuntu6.13",
"2.19-0ubuntu6.14",
"2.19-0ubuntu6.15",
"2.19-0ubuntu6.15+esm1",
"2.19-0ubuntu6.15+esm2",
"2.19-0ubuntu6.15+esm3",
"2.19-0ubuntu6.15+esm4"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc-bin",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "locales",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "locales-all",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.23-0ubuntu11.3+esm9"
},
{
"binary_name": "nscd",
"binary_version": "2.23-0ubuntu11.3+esm9"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.23-0ubuntu11.3+esm9?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.21-0ubuntu4",
"2.21-0ubuntu5",
"2.21-0ubuntu6",
"2.23-0ubuntu1",
"2.23-0ubuntu2",
"2.23-0ubuntu3",
"2.23-0ubuntu4",
"2.23-0ubuntu5",
"2.23-0ubuntu6",
"2.23-0ubuntu7",
"2.23-0ubuntu9",
"2.23-0ubuntu10",
"2.23-0ubuntu11",
"2.23-0ubuntu11.2",
"2.23-0ubuntu11.3",
"2.23-0ubuntu11.3+esm1",
"2.23-0ubuntu11.3+esm2",
"2.23-0ubuntu11.3+esm3",
"2.23-0ubuntu11.3+esm5",
"2.23-0ubuntu11.3+esm6",
"2.23-0ubuntu11.3+esm7",
"2.23-0ubuntu11.3+esm8",
"2.23-0ubuntu11.3+esm9"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc-bin",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-lse",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "locales",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "locales-all",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "multiarch-support",
"binary_version": "2.27-3ubuntu1.6+esm6"
},
{
"binary_name": "nscd",
"binary_version": "2.27-3ubuntu1.6+esm6"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.27-3ubuntu1.6+esm6?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.26-0ubuntu2",
"2.26-0ubuntu2.1",
"2.27-0ubuntu2",
"2.27-0ubuntu3",
"2.27-3ubuntu1",
"2.27-3ubuntu1.2",
"2.27-3ubuntu1.3",
"2.27-3ubuntu1.4",
"2.27-3ubuntu1.5",
"2.27-3ubuntu1.6",
"2.27-3ubuntu1.6+esm1",
"2.27-3ubuntu1.6+esm2",
"2.27-3ubuntu1.6+esm3",
"2.27-3ubuntu1.6+esm4",
"2.27-3ubuntu1.6+esm5",
"2.27-3ubuntu1.6+esm6"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc-bin",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-armel",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-dev-armel",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-lse",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-pic",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "locales",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "locales-all",
"binary_version": "2.31-0ubuntu9.18+esm1"
},
{
"binary_name": "nscd",
"binary_version": "2.31-0ubuntu9.18+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.31-0ubuntu9.18+esm1?arch=source\u0026distro=esm-infra/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.30-0ubuntu2",
"2.30-0ubuntu3",
"2.31-0ubuntu5",
"2.31-0ubuntu6",
"2.31-0ubuntu7",
"2.31-0ubuntu9",
"2.31-0ubuntu9.1",
"2.31-0ubuntu9.2",
"2.31-0ubuntu9.3",
"2.31-0ubuntu9.7",
"2.31-0ubuntu9.9",
"2.31-0ubuntu9.12",
"2.31-0ubuntu9.14",
"2.31-0ubuntu9.15",
"2.31-0ubuntu9.16",
"2.31-0ubuntu9.17",
"2.31-0ubuntu9.18",
"2.31-0ubuntu9.18+esm1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc-bin",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-prof",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "locales",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "locales-all",
"binary_version": "2.35-0ubuntu3.13"
},
{
"binary_name": "nscd",
"binary_version": "2.35-0ubuntu3.13"
}
]
},
"package": {
"ecosystem": "Ubuntu:22.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.35-0ubuntu3.13?arch=source\u0026distro=jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.34-0ubuntu3",
"2.35-0ubuntu1",
"2.35-0ubuntu3",
"2.35-0ubuntu3.1",
"2.35-0ubuntu3.3",
"2.35-0ubuntu3.4",
"2.35-0ubuntu3.5",
"2.35-0ubuntu3.6",
"2.35-0ubuntu3.7",
"2.35-0ubuntu3.8",
"2.35-0ubuntu3.9",
"2.35-0ubuntu3.10",
"2.35-0ubuntu3.11",
"2.35-0ubuntu3.12",
"2.35-0ubuntu3.13"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc-bin",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-dev-s390",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-s390",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "locales",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "locales-all",
"binary_version": "2.39-0ubuntu8.7"
},
{
"binary_name": "nscd",
"binary_version": "2.39-0ubuntu8.7"
}
]
},
"package": {
"ecosystem": "Ubuntu:24.04:LTS",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.39-0ubuntu8.7?arch=source\u0026distro=noble"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.38-1ubuntu6",
"2.38-3ubuntu1",
"2.39-0ubuntu1",
"2.39-0ubuntu2",
"2.39-0ubuntu6",
"2.39-0ubuntu8",
"2.39-0ubuntu8.1",
"2.39-0ubuntu8.2",
"2.39-0ubuntu8.3",
"2.39-0ubuntu8.4",
"2.39-0ubuntu8.5",
"2.39-0ubuntu8.6",
"2.39-0ubuntu8.7"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc-bin",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "locales",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "locales-all",
"binary_version": "2.42-0ubuntu3.1"
},
{
"binary_name": "nscd",
"binary_version": "2.42-0ubuntu3.1"
}
]
},
"package": {
"ecosystem": "Ubuntu:25.10",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.42-0ubuntu3.1?arch=source\u0026distro=questing"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.41-6ubuntu1",
"2.41-6ubuntu2",
"2.41-9ubuntu1",
"2.42-0ubuntu1",
"2.42-0ubuntu3",
"2.42-0ubuntu3.1"
]
},
{
"ecosystem_specific": {
"binaries": [
{
"binary_name": "glibc-source",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc-bin",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc-dev-bin",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc-devtools",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc-gconv-modules-extra",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6-amd64",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6-dev-amd64",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6-dev-i386",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6-dev-x32",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6-i386",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "libc6-x32",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "locales",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "locales-all",
"binary_version": "2.43-2ubuntu2"
},
{
"binary_name": "nscd",
"binary_version": "2.43-2ubuntu2"
}
]
},
"package": {
"ecosystem": "Ubuntu:26.04",
"name": "glibc",
"purl": "pkg:deb/ubuntu/glibc@2.43-2ubuntu2?arch=source\u0026distro=resolute"
},
"ranges": [
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"2.42-0ubuntu3",
"2.42-2ubuntu1",
"2.42-2ubuntu2",
"2.42-2ubuntu4",
"2.42-2ubuntu5",
"2.43-2ubuntu1",
"2.43-2ubuntu2"
]
}
],
"aliases": [],
"details": "(The obsolete nis_local_principal function in the GNU C Library version ...)",
"id": "UBUNTU-CVE-2026-5358",
"modified": "2026-04-22T00:00:00Z",
"published": "2026-04-22T00:00:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2026-5358"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2026-5358"
},
{
"type": "REPORT",
"url": "https://sourceware.org/bugzilla/show_bug.cgi?id=34067"
},
{
"type": "REPORT",
"url": "https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0008"
}
],
"related": [],
"schema_version": "1.7.0",
"severity": [
{
"score": "medium",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2026-5358"
],
"withdrawn": "2026-05-14T11:38:29Z"
}
WID-SEC-W-2026-1190
Vulnerability from csaf_certbund - Published: 2026-04-20 22:00 - Updated: 2026-06-10 22:00| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GNU libc <=2.43
Open Source / GNU libc
|
<=2.43 |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
SUSE Linux
SUSE
|
cpe:/o:suse:suse_linux:-
|
— | |
|
Red Hat Enterprise Linux
Red Hat
|
cpe:/o:redhat:enterprise_linux:-
|
— | |
|
SUSE openSUSE
SUSE
|
cpe:/o:suse:opensuse:-
|
— | |
|
Fedora Linux
Fedora
|
cpe:/o:fedoraproject:fedora:-
|
— |
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Open Source GNU libc <=2.43
Open Source / GNU libc
|
<=2.43 |
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die GNU libc ist die Basis C Bibliothek unter Linux sowie anderen Unix-Betriebssystemen, welche die Systemaufrufe sowie Basisfunktionalit\u00e4t bereitstellt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in GNU libc ausnutzen, um Dateien zu manipulieren, einen Denial-of-Service-Zustand zu verursachen oder andere, nicht n\u00e4her spezifizierte Angriffe durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-1190 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-1190.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-1190 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-1190"
},
{
"category": "external",
"summary": "OSS Security Mailing List vom 2026-04-20",
"url": "https://seclists.org/oss-sec/2026/q2/189"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-CED72AB158 vom 2026-04-30",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-ced72ab158"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2026:12740 vom 2026-05-01",
"url": "https://access.redhat.com/errata/RHSA-2026:12740"
},
{
"category": "external",
"summary": "Fedora Security Advisory FEDORA-2026-4B7780802C vom 2026-05-01",
"url": "https://bodhi.fedoraproject.org/updates/FEDORA-2026-4b7780802c"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10770-1 vom 2026-05-15",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RZ66BJVG5ICINPYD2UIFBTZGO2QB73FQ/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:20764-1 vom 2026-05-19",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KXZJBCTUEFVIXIGM4B4CGZUUH4CCN6SO/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21682-1 vom 2026-05-19",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026155.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21688-1 vom 2026-05-21",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026237.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21780-1 vom 2026-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026283.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21751-1 vom 2026-05-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026307.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:21807-1 vom 2026-05-27",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-May/026338.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2231-1 vom 2026-06-04",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026584.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:2333-1 vom 2026-06-10",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-June/026684.html"
}
],
"source_lang": "en-US",
"title": "GNU libc: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-06-10T22:00:00.000+00:00",
"generator": {
"date": "2026-06-11T10:26:02.682+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.6.0"
}
},
"id": "WID-SEC-W-2026-1190",
"initial_release_date": "2026-04-20T22:00:00.000+00:00",
"revision_history": [
{
"date": "2026-04-20T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-04-21T22:00:00.000+00:00",
"number": "2",
"summary": "Korrektur Versionsangabe, defekte Links entfernt"
},
{
"date": "2026-05-03T22:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates von Fedora und Red Hat aufgenommen"
},
{
"date": "2026-05-05T22:00:00.000+00:00",
"number": "4",
"summary": "CVE CVE-2026-5358 zur\u00fcckgezogen"
},
{
"date": "2026-05-17T22:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-05-18T22:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-05-19T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-21T22:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-26T22:00:00.000+00:00",
"number": "9",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-05-27T22:00:00.000+00:00",
"number": "10",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-04T22:00:00.000+00:00",
"number": "11",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-06-10T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Fedora Linux",
"product": {
"name": "Fedora Linux",
"product_id": "74185",
"product_identification_helper": {
"cpe": "cpe:/o:fedoraproject:fedora:-"
}
}
}
],
"category": "vendor",
"name": "Fedora"
},
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c=2.43",
"product": {
"name": "Open Source GNU libc \u003c=2.43",
"product_id": "T053037"
}
},
{
"category": "product_version_range",
"name": "\u003c=2.43",
"product": {
"name": "Open Source GNU libc \u003c=2.43",
"product_id": "T053037-fixed"
}
}
],
"category": "product_name",
"name": "GNU libc"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-5358",
"product_status": {
"known_affected": [
"T002207",
"T027843"
]
},
"release_date": "2026-04-20T22:00:00.000+00:00",
"title": "CVE-2026-5358"
},
{
"cve": "CVE-2026-5450",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"74185"
],
"last_affected": [
"T053037"
]
},
"release_date": "2026-04-20T22:00:00.000+00:00",
"title": "CVE-2026-5450"
},
{
"cve": "CVE-2026-5928",
"product_status": {
"known_affected": [
"T002207",
"67646",
"T027843",
"74185"
],
"last_affected": [
"T053037"
]
},
"release_date": "2026-04-20T22:00:00.000+00:00",
"title": "CVE-2026-5928"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.