Nixpkgs Security Tracker

Permalink CVE-2026-4438

updated 6 days, 11 hours ago by @LeSuisse Activity log

Created automatic suggestion 1 week, 1 day ago
@LeSuisse removed
26 packages
- tests.hardeningFlags.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
- iconv
- getent
- locale
- mtrace
- getconf
- libiconv
- glibcInfo
- glibc_multi
- glibcLocales
- glibc_memusage
- glibcLocalesUtf8
- unixtools.getent
- unixtools.locale
- unixtools.getconf
6 days, 11 hours ago
@LeSuisse accepted 6 days, 11 hours ago
@LeSuisse published on GitHub 6 days, 11 hours ago

gethostbyaddr and gethostbyaddr_r return invalid DNS hostnames

Calling gethostbyaddr or gethostbyaddr_r with a configured nsswitch.conf that specifies the library's DNS backend in the GNU C library version 2.34 to version 2.43 could result in an invalid DNS hostname being returned to the caller in violation of the DNS specification.

References

https://sourceware.org/bugzilla/show_bug.cgi?id=34015

Affected products

glibc

=<2.43

Matching in nixpkgs

pkgs.libc

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.minimal-bootstrap.glibc

The GNU C Library

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42

Ignored packages (26)

pkgs.iconv

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.getent

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.locale

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.mtrace

Perl script used to interpret and provide human readable output of the trace log contained in the file mtracedata, whose contents were produced by mtrace(3)

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.getconf

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.libiconv

None

nixos-unstable 2.42
- nixpkgs-unstable 2.42
- nixos-unstable-small 2.42
nixos-25.11 2.40
- nixos-25.11-small 2.40
- nixpkgs-25.11-darwin 2.40

pkgs.glibcInfo

GNU Info manual of the GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc_multi

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibcLocales

Locale information for the GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.glibcLocalesUtf8

Locale information for the GNU C Library

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.getent

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.locale

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.unixtools.getconf

None

nixos-unstable 2.42-51
- nixpkgs-unstable 2.42-51
- nixos-unstable-small 2.42-51
nixos-25.11 2.40-218
- nixos-25.11-small 2.40-218
- nixpkgs-25.11-darwin 2.40-218

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

None

nixos-unstable -
- nixpkgs-unstable
- nixos-unstable-small
nixos-25.11 -
- nixos-25.11-small
- nixpkgs-25.11-darwin

Package maintainers

@infinisil Silvan Mosberger <contact@infinisil.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>
@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@balsoft Alexander Bantyev <balsoft75@gmail.com>
@pyrox0 Pyrox <pyrox@pyrox.dev>
@06kellyjac Jack <hello+nixpkgs@j-k.io>
@emilytrau Emily Trau <emily+nix@downunderctf.com>
@Artturin Artturi N <artturin@artturin.com>
@Gskartwii Aleksi Hannula <ahannula4@gmail.com>
@Ericson2314 John Ericson <John.Ericson@Obsidian.Systems>
@siraben Siraphob Phipathananunth <bensiraphob@gmail.com>
@alejandrosame Alejandro Sánchez Medina <alejandrosanchzmedina@gmail.com>

Proposed patch: https://inbox.sourceware.org/libc-alpha/20260320194250.1089143-1-carlos@redhat.com/
Proposed advisory: https://inbox.sourceware.org/libc-alpha/20260320194804.1089897-2-carlos@redhat.com/

Permalink CVE-2026-0861

8.4 HIGH

CVSS version: 3.1
Attack vector (AV): LOCAL
Attack complexity (AC): LOW
Privileges required (PR): NONE
User interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality impact (C): HIGH
Integrity impact (I): HIGH
Availability impact (A): HIGH

updated 2 months, 1 week ago by @LeSuisse Activity log

Created automatic suggestion 2 months, 1 week ago
@LeSuisse removed
21 packages
- tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled
- tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled
- tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions
- tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions
- glibcLocalesUtf8
- unixtools.getent
- unixtools.locale
- unixtools.getconf
- getent
- locale
- iconv
- mtrace
- getconf
- libiconv
- glibcInfo
- glibcLocales
2 months, 1 week ago
@LeSuisse accepted 2 months, 1 week ago
@LeSuisse published on GitHub 2 months, 1 week ago

Integer overflow in memalign leads to heap corruption

Passing too large an alignment to the memalign suite of functions (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the GNU C Library version 2.30 to 2.42 may result in an integer overflow, which could consequently result in a heap corruption.

References

Affected products

glibc

=<2.42

Matching in nixpkgs

pkgs.libc

GNU C Library

nixos-unstable 2.40-66
- nixpkgs-unstable 2.40-66
- nixos-unstable-small 2.40-66

pkgs.glibc

GNU C Library

nixos-unstable 2.40-66
- nixpkgs-unstable 2.40-66
- nixos-unstable-small 2.40-66

pkgs.glibc_multi

None

nixos-unstable 2.40-66
- nixpkgs-unstable 2.40-66
- nixos-unstable-small 2.40-66

pkgs.glibc_memusage

GNU C Library

nixos-unstable 2.40-66
- nixpkgs-unstable 2.40-66
- nixos-unstable-small 2.40-66

Package maintainers

@ConnorBaker Connor Baker <ConnorBaker01@gmail.com>
@Ma27 Maximilian Bosch <maximilian@mbosch.me>

https://sourceware.org/git/?p=glibc.git;a=blob_plain;f=advisories/GLIBC-SA-2026-0001

Suggestions search

References

Affected products

Matching in nixpkgs

pkgs.libc

pkgs.glibc

pkgs.minimal-bootstrap.glibc

pkgs.iconv

pkgs.getent

pkgs.locale

pkgs.mtrace

pkgs.getconf

pkgs.libiconv

pkgs.glibcInfo

pkgs.glibc_multi

pkgs.glibcLocales

pkgs.glibc_memusage

pkgs.glibcLocalesUtf8

pkgs.unixtools.getent

pkgs.unixtools.locale

pkgs.unixtools.getconf

pkgs.tests.hardeningFlags.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsStdenvUnsupp

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags.allExplicitDisabledGlibcxxAssertions

pkgs.tests.hardeningFlags-gcc.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitEnabled

pkgs.tests.hardeningFlags-clang.glibcxxassertionsExplicitDisabled

pkgs.tests.hardeningFlags-gcc.allExplicitDisabledGlibcxxAssertions

pkgs.tests.hardeningFlags-clang.allExplicitDisabledGlibcxxAssertions

Package maintainers

References

Affected products

Matching in nixpkgs

pkgs.libc

pkgs.glibc

pkgs.glibc_multi

pkgs.glibc_memusage

Package maintainers