Fabre

#1135230 glibc: CVE-2026-5435 #1135230

Package:: src:glibc

Source:: src:glibc

Submitter:: Salvatore Bonaccorso

Date:: 2026-06-22 17:37:01 UTC

Severity:: normal

Tags:

#1135230#5

Date:: 2026-04-29 18:44:00 UTC

From:

To:

Source: glibc
Version: 2.42-15
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=34033
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.41-12
Control: found -1 2.41-12+deb13u2
Control: found -1 2.36-9
Control: found -1 2.36-9+deb12u13

Hi,

The following vulnerability was published for glibc. Filling mainly
for tracking.

CVE-2026-5435[0]:
| The deprecated functions ns_printrrf, ns_printrr and fp_nquery in
| the GNU C Library version 2.2 and newer fail to enforce the caller-
| supplied buffer length, and can result in an out-of-bounds write
| when printing TSIG records.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-5435
https://www.cve.org/CVERecord?id=CVE-2026-5435
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=34033
[2] https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0011

Regards,
Salvatore

#1135230 glibc: CVE-2026-5435 #1135230

Just Reply to ...

Reply to submitter ...

Send control command (Silently)

Set Architecture Tags (Silently)