An update for glibc is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2025-2045 Final 1.0 1.0 2025-08-15 Initial 2025-08-15 2025-08-15 openEuler SA Tool V1.0 2025-08-15 glibc security update An update for glibc is now available for openEuler-24.03-LTS-SP1 The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more. Security Fix(es): The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library.(CVE-2025-8058) An update for glibc is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium glibc https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2045 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2025-8058 https://nvd.nist.gov/vuln/detail/CVE-2025-8058 openEuler-24.03-LTS-SP1 glibc-2.38-65.oe2403sp1.aarch64.rpm glibc-all-langpacks-2.38-65.oe2403sp1.aarch64.rpm glibc-common-2.38-65.oe2403sp1.aarch64.rpm glibc-debuginfo-2.38-65.oe2403sp1.aarch64.rpm glibc-debugsource-2.38-65.oe2403sp1.aarch64.rpm glibc-debugutils-2.38-65.oe2403sp1.aarch64.rpm glibc-devel-2.38-65.oe2403sp1.aarch64.rpm glibc-locale-archive-2.38-65.oe2403sp1.aarch64.rpm glibc-locale-source-2.38-65.oe2403sp1.aarch64.rpm glibc-nss-devel-2.38-65.oe2403sp1.aarch64.rpm libnsl-2.38-65.oe2403sp1.aarch64.rpm nscd-2.38-65.oe2403sp1.aarch64.rpm nss_modules-2.38-65.oe2403sp1.aarch64.rpm glibc-2.38-65.oe2403sp1.src.rpm glibc-2.38-65.oe2403sp1.x86_64.rpm glibc-all-langpacks-2.38-65.oe2403sp1.x86_64.rpm glibc-common-2.38-65.oe2403sp1.x86_64.rpm glibc-debuginfo-2.38-65.oe2403sp1.x86_64.rpm glibc-debugsource-2.38-65.oe2403sp1.x86_64.rpm glibc-debugutils-2.38-65.oe2403sp1.x86_64.rpm glibc-devel-2.38-65.oe2403sp1.x86_64.rpm glibc-locale-archive-2.38-65.oe2403sp1.x86_64.rpm glibc-locale-source-2.38-65.oe2403sp1.x86_64.rpm glibc-nss-devel-2.38-65.oe2403sp1.x86_64.rpm libnsl-2.38-65.oe2403sp1.x86_64.rpm nscd-2.38-65.oe2403sp1.x86_64.rpm nss_modules-2.38-65.oe2403sp1.x86_64.rpm glibc-help-2.38-65.oe2403sp1.noarch.rpm The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It can be accomplished either by a malloc failure or by using an interposed malloc that injects random malloc failures. The double free can allow buffer manipulation depending of how the regex is constructed. This issue affects all architectures and ABIs supported by the GNU C library. 2025-08-15 CVE-2025-8058 openEuler-24.03-LTS-SP1 Medium 4.2 AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L glibc security update 2025-08-15 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-2045