1. 漏洞描述

The GNU C Library project provides the core libraries for the GNU system and
GNU/Linux systems, as well as many other systems that use Linux as the kernel.
These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD,
OS-specific APIs and more. These APIs include such foundational facilities as
open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt,
login, exit and more.

Security Fix(es):

The regcomp function in the GNU C library version from 2.4 to 2.41 is
subject to a double free if some previous allocation fails. It can be
accomplished either by a malloc failure or by using an interposed malloc
that injects random malloc failures. The double free can allow buffer
manipulation depending of how the regex is constructed. This issue
affects all architectures and ABIs supported by the GNU C library.(CVE-2025-8058)

2. 影响范围

3. 影响组件

4. 修复版本

5. 修复方法

方法一：下载安装包进行升级安装
1、通过下载链接下载需要升级的升级包保存，如 xxx.rpm
2、通过rpm命令升级，如 rpm -Uvh xxx.rpm

方法二：通过软件源进行升级安装
1、保持能够连接上互联网
2、通过yum命令升级指定的包，如 yum install 包名

6. 下载链接

KY3.4-5A:

x86_64:

     glibc-help   

     glibc   

     glibc-all-langpacks   

     glibc-benchtests   

     glibc-common   

     glibc-compat-2.17   

     glibc-devel   

     glibc-locale-source   

     glibc-nss-devel   

     libnsl   

     nscd   

     nss_modules   

aarch64:

     glibc-help   

     glibc   

     glibc-all-langpacks   

     glibc-benchtests   

     glibc-common   

     glibc-compat-2.17   

     glibc-devel   

     glibc-locale-source   

     glibc-nss-devel   

     libnsl   

     nscd   

     nss_modules