glibc-2.17-326.99.0.1.el7.AXS7

エラータID: AXSA:2025-10920:15

Release date: 
Friday, October 3, 2025 - 11:55
Subject: 
glibc-2.17-326.99.0.1.el7.AXS7
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

Security Fix(es):
* CVE-2025-4802: prevent untrusted LD_LIBRARY_PATH from loading dynamically shared libraries in statically compiled binaries that call dlopen
* CVE-2019-9169: fix heap-based buffer over-read in proceed_next_node function in posix/regexec.c

CVE(s):
CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
CVE-2019-9169
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.

Solution: 

Update packages.

CVEs: 
CVE-2025-4802
Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen (including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo).
CVE-2019-9169
In the GNU C Library (aka glibc or libc6) through 2.29, proceed_next_node in posix/regexec.c has a heap-based buffer over-read via an attempted case-insensitive regular-expression match.
Additional Info: 

N/A

Download: 

Asianux Server 7 for x86_64
  1. glibc-2.17-326.99.0.1.el7.AXS7.i686.rpm
    MD5: a52e6be184b1e3f1a64df5fd1d94a3d2
    SHA-256: ab359fd62447b444f40874ca3b1c457c2f5e0ec3ec51112f1a6cfb8f212acca8
    Size: 4.26 MB
  2. glibc-2.17-326.99.0.1.el7.AXS7.x86_64.rpm
    MD5: b55c7814f09a3ab2905f05492a7b57f4
    SHA-256: 5af08cb86dc7a3422605992775e7d05814c9300a743ab6833e455e403cc04558
    Size: 3.64 MB
  3. glibc-common-2.17-326.99.0.1.el7.AXS7.x86_64.rpm
    MD5: 29a31b7bf4c0ef85c27fb8fc5adb8964
    SHA-256: a2c56b2cadf5007cd59cb94f74f339d7b207573300e30a5debfb6379ee26a980
    Size: 11.50 MB
  4. glibc-devel-2.17-326.99.0.1.el7.AXS7.i686.rpm
    MD5: 9dcd9d8c60fbe834b36e63c85d5ff9c2
    SHA-256: 2dc06015873ec75b892310bf1d5ba6b6320f348a7357f7053a8a9ad080ae81fb
    Size: 1.08 MB
  5. glibc-devel-2.17-326.99.0.1.el7.AXS7.x86_64.rpm
    MD5: b421b9b19f837f03de82d865841aaf45
    SHA-256: 9937efef5cf5b1984e45959187762aa50496f55ad618da8491cbe1bad4e3baf0
    Size: 1.08 MB
  6. glibc-headers-2.17-326.99.0.1.el7.AXS7.x86_64.rpm
    MD5: 0ec05ebdb3f1058bbfee6aaa1724f5bf
    SHA-256: ed9ae3c15bf7297469adbf545a17d7f28ca38989f9fc956dbd503856111da763
    Size: 691.64 kB
  7. glibc-utils-2.17-326.99.0.1.el7.AXS7.x86_64.rpm
    MD5: 9bfea16005f134b49609e2d1558a75de
    SHA-256: ed41657c7e4ba0681472a3fb34a0a2b61c660ca78309ad865542d4a4d0dc2198
    Size: 230.07 kB
  8. nscd-2.17-326.99.0.1.el7.AXS7.x86_64.rpm
    MD5: ea5c116c251d9e6b54a8eb8c184b92e0
    SHA-256: 6e326c504c539fddb186a00a1c22e544eeed1aa8ed9d75cdc40b6d3d839a8563
    Size: 289.33 kB