Home / mailings [USN-8005-1] GNU C Library vulnerabilities
Posted on 04 February 2026
Ubuntu Security==========================================================================Ubuntu Security Notice USN-8005-1
February 03, 2026
glibc vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in GNU C Library.
Software Description:
- glibc: GNU C Library
Details:
Vitaly Simonovich discovered that the GNU C Library did not properly
initialize the input when WRDE_REUSE is used. An attacker could possibly
use this issue to cause applications to crash, leading to a denial of
service. (CVE-2025-15281)
Anastasia Belova discovered that the GNU C Library incorrectly handled
the regcomp function when memory allocation failures occured. An attacker
could possibly use this issue to cause applications to crash, leading to
a denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
(CVE-2025-8058)
Igor Morgenstern discovered that the GNU C Library incorrectly handled
the memalign function when doing memory allocation. An attacker could
possibly use this issue to cause applications to crash, leading to a
denial of service, or possibly execute arbitrary code. This issue only
affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu
25.10. (CVE-2026-0861)
Igor Morgenstern discovered that the GNU C Library incorrectly handled
certain DNS backend when queries for a zero-valued network. An attacker
could possibly use this issue to cause a denial of service or obtain
sensitive information. (CVE-2026-0915)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 25.10
libc6 2.42-0ubuntu3.1
nscd 2.42-0ubuntu3.1
Ubuntu 24.04 LTS
libc6 2.39-0ubuntu8.7
nscd 2.39-0ubuntu8.7
Ubuntu 22.04 LTS
libc6 2.35-0ubuntu3.13
nscd 2.35-0ubuntu3.13
Ubuntu 20.04 LTS
libc6 2.31-0ubuntu9.18+esm1
Available with Ubuntu Pro
nscd 2.31-0ubuntu9.18+esm1
Available with Ubuntu Pro
Ubuntu 18.04 LTS
libc6 2.27-3ubuntu1.6+esm6
Available with Ubuntu Pro
nscd 2.27-3ubuntu1.6+esm6
Available with Ubuntu Pro
Ubuntu 16.04 LTS
libc6 2.23-0ubuntu11.3+esm9
Available with Ubuntu Pro
nscd 2.23-0ubuntu11.3+esm9
Available with Ubuntu Pro
After a standard system update you need to reboot your computer to make
all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-8005-1
CVE-2025-15281, CVE-2025-8058, CVE-2026-0861, CVE-2026-0915
Package Information:
https://launchpad.net/ubuntu/+source/glibc/2.42-0ubuntu3.1
https://launchpad.net/ubuntu/+source/glibc/2.39-0ubuntu8.7
https://launchpad.net/ubuntu/+source/glibc/2.35-0ubuntu3.13
--===============4141571848953093114==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
