NIXPKGS-2026-1204

GitHub issue published on

Permalink CVE-2026-5358

updated 1 week ago by @LeSuisse Activity log

Created suggestion 1 week, 1 day ago
@LeSuisse ignored
28 packages
- libc
- iconv
- getent
- locale
- mtrace
- getconf
- libiconv
- glibcInfo
- glibc_multi
- glibcLocales
- glibc_memusage
- glibcLocalesUtf8
- unixtools.getent
- unixtools.locale
- unixtools.getconf
- minimal-bootstrap.glibc
- tests.hardeningFlags.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
1 week ago
@LeSuisse accepted 1 week ago
@LeSuisse published on GitHub 1 week ago

Static buffer overflow in deprecated nis_local_principal

The obsolete nis_local_principal function in the GNU C Library version 2.43 and older may overflow a buffer in the data section, which could allow an attacker to spoof a crafted response to a UDP request generated by this function and overwrite neighboring static data in the requesting application. NIS support is obsolete and has been deprecated in the GNU C Library since version 2.26 and is only maintained for legacy usage. Applications should port away from NIS to more modern identity and access management services.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=34067

Affected products

glibc

=<2.43

Matching in nixpkgs

pkgs.glibc

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

Ignored packages (28)

pkgs.libc

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.iconv

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.getent

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.locale

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.getconf

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.libiconv

None

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42
nixos-25.11 2.40
- nixos-25.11-small 2.40
- nixpkgs-25.11-darwin 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc_multi

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.getent

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.locale

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.getconf

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.minimal-bootstrap.glibc

The GNU C Library

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@balsoft Alexander Bantyev <balsoft75@gmail.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@infinisil Silvan Mosberger <contact@infinisil.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>

https://www.openwall.com/lists/oss-security/2026/04/20/9

Nixpkgs security tracker

Details of issue NIXPKGS-2026-1204

References

Affected products

Matching in nixpkgs

pkgs.glibc

pkgs.libc

pkgs.iconv

pkgs.getent

pkgs.locale

pkgs.mtrace

pkgs.getconf

pkgs.libiconv

pkgs.glibcInfo

pkgs.glibc_multi

pkgs.glibcLocales

pkgs.glibc_memusage

pkgs.glibcLocalesUtf8

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

pkgs.minimal-bootstrap.glibc

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

Package maintainers