-------------------------------------------------------------------------
Debian LTS Advisory DLA-4181-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                        Sean Whitton
May 27, 2025                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : glibc
Version        : 2.31-13+deb11u13
CVE ID         : CVE-2025-4802

A flaw was discovered in the dynamic loading support of the GNU C Library,
the C standard library implementation used by Debian. Privilege escalation
may be possible in statically linked setuid binaries that call dlopen(),
because the library search honoured the LD_LIBRARY_PATH variable from the
untrusted caller's environment instead of ignoring it in secure-execution
(setuid) mode. This also covers the dlopen() calls glibc makes internally
on behalf of the application, for example after setlocale() or NSS
functions such as getaddrinfo(), which can load locale and name-service
modules at runtime.

For Debian 11 bullseye, this problem has been fixed in version
2.31-13+deb11u13.

We recommend that you upgrade your glibc packages.

For the detailed security status of glibc please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/glibc

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be found
at: https://wiki.debian.org/LTS
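The following is an added example, not part of the advisory or of glibc's fix, showing the defence-in-depth check a developer of a static setuid program can apply on their own side: detect secure-execution mode via the AT_SECURE auxiliary-vector entry (falling back to a real/effective uid and gid comparison) and drop every LD_* variable from the environment before the first call that may trigger dlopen(), whether an explicit one or glibc's internal one behind setlocale() or getaddrinfo(). The function names (is_secure_exec, strip_ld_env, harden_dynamic_loading) and the sample environment values are assumptions chosen for illustration; upgrading glibc remains the actual fix.

```c
/* Added example (not glibc code): sanitise LD_* in a setuid/static binary
 * before any dlopen(), setlocale() or NSS call. Function names are illustrative. */
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/auxv.h>

extern char **environ;

/* 1 if the kernel flagged this exec as secure (setuid/setgid/capabilities),
 * else fall back to comparing real and effective ids. */
int is_secure_exec(void)
{
    if (getauxval(AT_SECURE) != 0)
        return 1;
    return getuid() != geteuid() || getgid() != getegid();
}

/* Remove every environment variable whose name starts with "LD_"
 * (LD_LIBRARY_PATH, LD_PRELOAD, LD_AUDIT, ...). Returns the number removed,
 * or -1 on allocation failure. */
int strip_ld_env(void)
{
    size_t n = 0, k = 0;
    int removed = 0;

    /* Snapshot the names first: unsetenv() rewrites environ while we iterate. */
    for (char **e = environ; e && *e; e++)
        n++;
    char **names = calloc(n + 1, sizeof *names);
    if (!names)
        return -1;
    for (char **e = environ; e && *e; e++) {
        if (strncmp(*e, "LD_", 3) == 0) {
            const char *eq = strchr(*e, '=');
            size_t len = eq ? (size_t)(eq - *e) : strlen(*e);
            names[k++] = strndup(*e, len);
        }
    }
    for (size_t i = 0; i < k; i++) {
        if (names[i] && unsetenv(names[i]) == 0)
            removed++;
        free(names[i]);
    }
    free(names);
    return removed;
}

/* Call at the top of main(), before setlocale()/NSS/dlopen(). In a normal
 * (non-secure) process the environment is left untouched and 0 is returned. */
int harden_dynamic_loading(void)
{
    if (!is_secure_exec())
        return 0;
    return strip_ld_env();
}

int main(void)
{
    /* Constructed sample environment to exercise the stripping logic. */
    setenv("LD_LIBRARY_PATH", "/tmp/attacker", 1);
    setenv("LD_PRELOAD", "/tmp/attacker/evil.so", 1);
    setenv("HOME", "/root", 1);

    printf("secure exec: %d\n", is_secure_exec());
    printf("hardened (removed in secure mode): %d\n", harden_dynamic_loading());
    printf("explicit strip removed: %d\n", strip_ld_env());
    printf("LD_LIBRARY_PATH now: %s\n",
           getenv("LD_LIBRARY_PATH") ? getenv("LD_LIBRARY_PATH") : "(unset)");
    printf("HOME kept: %s\n", getenv("HOME") ? getenv("HOME") : "(unset)");
    return 0;
}
```

Run as an ordinary user the program reports secure exec 0 and only the explicit strip_ld_env() call removes the two LD_* entries; installed setuid root (chown root, chmod u+s) and executed by another user, harden_dynamic_loading() itself removes them. Note that glibc's own secure-mode handling for dynamically linked binaries already ignores LD_LIBRARY_PATH; this application-side check matters precisely for the statically linked case the advisory describes, and only when it runs before any function that can dlopen().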