摘要:
glibc security update
安全等级: Medium
公告ID: KylinSec-SA-2025-2814
发布日期: 2025年9月20日
关联CVE: CVE-2025-8058
The GNU C Library project provides the core libraries for the GNU system and
GNU/Linux systems, as well as many other systems that use Linux as the kernel.
These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD,
OS-specific APIs and more. These APIs include such foundational facilities as
open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,
login, exit and more.
Security Fix(es):
The regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can be
accomplished either by a malloc failure or by using an interposed malloc
that injects random malloc failures. The double free can allow buffer
manipulation depending of how the regex is constructed. This issue
affects all architectures and ABIs supported by the GNU C library.(CVE-2025-8058)
| cve名称 | 产品 | 组件 | 是否受影响 |
|---|---|---|---|
| CVE-2025-8058 | KY3.5.3 | glibc | Fixed |
| CVE-2025-8058 | KY3.5.2 | glibc | Fixed |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| glibc-help | noarch | 2.34-170.ky3_5.kb1 |
| glibc | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-all-langpacks | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-common | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-compat-2.17 | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-devel | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-archive | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-source | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-nss-devel | x86_64 | 2.34-170.ky3_5.kb1 |
| libnsl | x86_64 | 2.34-170.ky3_5.kb1 |
| nscd | x86_64 | 2.34-170.ky3_5.kb1 |
| nss_modules | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-all-langpacks | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-common | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-compat-2.17 | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-devel | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-archive | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-source | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-nss-devel | aarch64 | 2.34-170.ky3_5.kb1 |
| libnsl | aarch64 | 2.34-170.ky3_5.kb1 |
| nscd | aarch64 | 2.34-170.ky3_5.kb1 |
| nss_modules | aarch64 | 2.34-170.ky3_5.kb1 |
| 软件名称 | 架构 | 版本号 |
|---|---|---|
| glibc-help | noarch | 2.34-170.ky3_5.kb1 |
| glibc | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-all-langpacks | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-common | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-compat-2.17 | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-devel | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-archive | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-source | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc-nss-devel | x86_64 | 2.34-170.ky3_5.kb1 |
| libnsl | x86_64 | 2.34-170.ky3_5.kb1 |
| nscd | x86_64 | 2.34-170.ky3_5.kb1 |
| nss_modules | x86_64 | 2.34-170.ky3_5.kb1 |
| glibc | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-all-langpacks | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-common | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-compat-2.17 | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-devel | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-archive | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-locale-source | aarch64 | 2.34-170.ky3_5.kb1 |
| glibc-nss-devel | aarch64 | 2.34-170.ky3_5.kb1 |
| libnsl | aarch64 | 2.34-170.ky3_5.kb1 |
| nscd | aarch64 | 2.34-170.ky3_5.kb1 |
| nss_modules | aarch64 | 2.34-170.ky3_5.kb1 |
方法一:下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存,如 xxx.rpm
2、通过rpm命令升级,如 rpm -Uvh xxx.rpm
方法二:通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包,如 yum install 包名
