An update for glibc is now available for openEuler-24.03-LTS-SP1 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2026-2593 Final 1.0 1.0 2026-06-05 Initial 2026-06-05 2026-06-05 openEuler SA Tool V1.0 2026-06-05 glibc security update An update for glibc is now available for openEuler-24.03-LTS-SP1 The GNU C Library project provides the core libraries for the GNU system and GNU/Linux systems, as well as many other systems that use Linux as the kernel. These libraries provide critical APIs including ISO C11, POSIX.1-2008, BSD, OS-specific APIs and more. These APIs include such foundational facilities as open, read, write, malloc, printf, getaddrinfo, dlopen, pthread_create, crypt, login, exit and more. Security Fix(es): The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records.(CVE-2026-5435) The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions.(CVE-2026-6238) An update for glibc is now available for openEuler-24.03-LTS-SP1. openEuler Security has rated this update as having a security impact of high. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. High glibc https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2593 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-5435 https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-6238 https://nvd.nist.gov/vuln/detail/CVE-2026-5435 https://nvd.nist.gov/vuln/detail/CVE-2026-6238 openEuler-24.03-LTS-SP1 glibc-2.38-107.oe2403sp1.aarch64.rpm glibc-all-langpacks-2.38-107.oe2403sp1.aarch64.rpm glibc-common-2.38-107.oe2403sp1.aarch64.rpm glibc-debuginfo-2.38-107.oe2403sp1.aarch64.rpm glibc-debugsource-2.38-107.oe2403sp1.aarch64.rpm glibc-debugutils-2.38-107.oe2403sp1.aarch64.rpm glibc-devel-2.38-107.oe2403sp1.aarch64.rpm glibc-locale-archive-2.38-107.oe2403sp1.aarch64.rpm glibc-locale-source-2.38-107.oe2403sp1.aarch64.rpm glibc-nss-devel-2.38-107.oe2403sp1.aarch64.rpm libnsl-2.38-107.oe2403sp1.aarch64.rpm nscd-2.38-107.oe2403sp1.aarch64.rpm nss_modules-2.38-107.oe2403sp1.aarch64.rpm glibc-2.38-107.oe2403sp1.src.rpm glibc-2.38-107.oe2403sp1.x86_64.rpm glibc-all-langpacks-2.38-107.oe2403sp1.x86_64.rpm glibc-common-2.38-107.oe2403sp1.x86_64.rpm glibc-debuginfo-2.38-107.oe2403sp1.x86_64.rpm glibc-debugsource-2.38-107.oe2403sp1.x86_64.rpm glibc-debugutils-2.38-107.oe2403sp1.x86_64.rpm glibc-devel-2.38-107.oe2403sp1.x86_64.rpm glibc-locale-archive-2.38-107.oe2403sp1.x86_64.rpm glibc-locale-source-2.38-107.oe2403sp1.x86_64.rpm glibc-nss-devel-2.38-107.oe2403sp1.x86_64.rpm libnsl-2.38-107.oe2403sp1.x86_64.rpm nscd-2.38-107.oe2403sp1.x86_64.rpm nss_modules-2.38-107.oe2403sp1.x86_64.rpm glibc-help-2.38-107.oe2403sp1.noarch.rpm The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to enforce the caller-supplied buffer length, and can result in an out-of-bounds write when printing TSIG records. 2026-06-05 CVE-2026-5435 openEuler-24.03-LTS-SP1 High 7.3 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L glibc security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2593 The deprecated functions ns_printrrf, ns_printrr and fp_nquery in the GNU C Library version 2.2 and newer fail to validate the RDATA content against the RDATA length in a DNS response when processing LOC, CERT, TKEY or TSIG records, which may allow an attacker to craft a DNS response, causing a target application to crash or read uninitialized memory. These functions are for application debugging only and hence not in the path of code executed by the DNS resolver. Further, they have been deprecated since version 2.34 and should not be used by any new applications. Applications should consider porting away from these interfaces since they may be removed in future versions. 2026-06-05 CVE-2026-6238 openEuler-24.03-LTS-SP1 Medium 6.5 AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L glibc security update 2026-06-05 https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2593