Bug#1125678: glibc: CVE-2026-0861

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#1125678: glibc: CVE-2026-0861
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Thu, 15 Jan 2026 22:00:01 +0100
Message-id: <[🔎] 176851080120.2671351.13460605640544296230.reportbug@eldamar.lan>
Reply-to: Salvatore Bonaccorso <carnil@debian.org>, 1125678@bugs.debian.org

Source: glibc
Version: 2.42-7
Severity: important
Tags: security upstream
Forwarded: https://sourceware.org/bugzilla/show_bug.cgi?id=33796
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>
Control: found -1 2.41-12+deb13u1
Control: found -1 2.36-9+deb12u7
Control: found -1 2.36-9+deb12u13

Hi,

The following vulnerability was published for glibc.

CVE-2026-0861[0]:
| Passing too large an alignment to the memalign suite of functions
| (memalign, posix_memalign, aligned_alloc, valloc, pvalloc) in the
| GNU C Library version 2.30 to 2.42 may result in an integer
| overflow, which could consequently result in a heap corruption.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2026-0861
    https://www.cve.org/CVERecord?id=CVE-2026-0861
[1] https://sourceware.org/bugzilla/show_bug.cgi?id=33796

Regards,
Salvatore

Reply to:

Follow-Ups:
- Processed: glibc: CVE-2026-0861
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>
- Bug#1125678: marked as done (glibc: CVE-2026-0861)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: [Git][glibc-team/glibc][sid] debian/testsuite-xfail-debian.mk: Update hurd results
Next by Date: Processed: glibc: CVE-2026-0861
Previous by thread: [Git][glibc-team/glibc][sid] debian/testsuite-xfail-debian.mk: Update hurd results
Next by thread: Processed: glibc: CVE-2026-0861
Index(es):
- Date
- Thread