------------------------------------------------------------------------- Debian LTS Advisory DLA-4143-1 debian-lts@lists.debian.org https://www.debian.org/lts/security/ Sean Whitton April 30, 2025 https://wiki.debian.org/LTS ------------------------------------------------------------------------- Package : glibc Version : 2.31-13+deb11u12 CVE ID : CVE-2025-0395 A flaw was discovered in the implementation of the assert() function in the GNU C Library, the C standard library implementation used by Debian. When the assertion fails, the implementation does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size. For Debian 11 bullseye, this problem has been fixed in version 2.31-13+deb11u12. We recommend that you upgrade your glibc packages. For the detailed security status of glibc please refer to its security tracker page at: https://security-tracker.debian.org/tracker/glibc Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS
Attachment:
signature.asc
Description: PGP signature