Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Integer overflow in memalign leads to heap corruption. (CVE-2026-0861)

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler. (CVE-2026-0915)

References:
https://www.openwall.com/lists/oss-security/2026/01/16/5
https://www.openwall.com/lists/oss-security/2026/01/16/6
========================

Updated packages in core/updates_testing:
========================
glibc-2.36-58.mga9
glibc-devel-2.36-58.mga9
glibc-doc-2.36-58.mga9
glibc-i18ndata-2.36-58.mga9
glibc-profile-2.36-58.mga9
glibc-static-devel-2.36-58.mga9
glibc-utils-2.36-58.mga9
nscd-2.36-58.mga9

from SRPM:
glibc-2.36-58.mga9.src.rpm

Source RPM: glibc-2.42-2.mga10.src.rpm, glibc-2.36-57.mga9.src.rpm => glibc-2.36-57.mga9.src.rpm
Whiteboard: MGA9TOO => (none)
Version: Cauldron => 9
Status comment: Patches available from upstream => (none)
Flags: affects_mga9+ => (none)
Status: NEW => ASSIGNED
Assignee: bugsquad => qa-bugs

MGA9-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
After reboot all seems to work OK.

CC: (none) => herman.viaene

mga9_64, installed
 glibc-devel-2.36-58.mga9.x86_64
 glibc-2.36-58.mga9.x86_64

Dont know how to test, but dkms built Virtualbox kmod OK.

CC: (none) => fri

Ryzen AMD 3015e, Picasso/Raven 2 graphics, AX200 wifi

- glibc-2.36-58.mga9 was picked up in another update

The following package is going to be installed:

- nscd-2.36-58.mga9.x86_64


-- IPL

system has been working fine with nscd.  glibc has been tested by default when it was picked up prior

CC: (none) => brtians1

Reference:
https://www.openwall.com/lists/oss-security/2026/01/20/3

Summary: glibc new security issues CVE-2026-0861 and CVE-2026-0915 => glibc new security issues CVE-2026-0861, CVE-2026-0915 and CVE-2025-15281
CVE: CVE-2026-0861, CVE-2026-0915 => CVE-2026-0861, CVE-2026-0915, CVE-2025-15281
Assignee: qa-bugs => nicolas.salguero

Suggested advisory:
========================

The updated packages fix security vulnerabilities:

Integer overflow in memalign leads to heap corruption. (CVE-2026-0861)

getnetbyaddr and getnetbyaddr_r leak stack contents to DNS resovler. (CVE-2026-0915)

wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory. (CVE-2025-15281)

References:
https://www.openwall.com/lists/oss-security/2026/01/16/5
https://www.openwall.com/lists/oss-security/2026/01/16/6
https://www.openwall.com/lists/oss-security/2026/01/20/3
========================

Updated packages in core/updates_testing:
========================
glibc-2.36-59.mga9
glibc-devel-2.36-59.mga9
glibc-doc-2.36-59.mga9
glibc-i18ndata-2.36-59.mga9
glibc-profile-2.36-59.mga9
glibc-static-devel-2.36-59.mga9
glibc-utils-2.36-59.mga9
nscd-2.36-59.mga9

from SRPM:
glibc-2.36-59.mga9.src.rpm

Assignee: nicolas.salguero => qa-bugs

RH x86_64

installing glibc-devel-2.36-59.mga9.x86_64.rpm glibc-2.36-59.mga9.x86_64.rpm from //home/katnatek/qa-testing/x86_64
Preparing...                     ###################################################################################################
      1/2: glibc                 ###################################################################################################
      2/2: glibc-devel           ###################################################################################################
      1/2: removing glibc-devel-6:2.36-57.mga9.x86_64
                                 ###################################################################################################
      2/2: removing glibc-6:2.36-57.mga9.x86_64
                                 ###################################################################################################
You should restart your computer for glibc
Error: Missing /usr/lib64/gconv/gconv-modules.cache

Reboot

Looks good for the moment

MGA9-64 server Plasma Wayland on Compaq H000SB.
No installation issues.
After reboot all seems to work as well as before.

Ryzen AMD 3015e, Picasso/Raven 2 graphics, AX200 wifi

The following 2 packages are going to be installed:

- glibc-2.36-59.mga9.x86_64
- nscd-2.36-59.mga9.x86_64


-- IPL

Laptop working as expected.

x86_64 updated installed packages:

- glibc-2.36-59.mga9.x86_64
- glibc-devel-2.36-59.mga9.x86_64

rebooted, using, no problems noted.
This is my workstation.

$ inxi -SMGN
System:
  Host: svarten.tribun Kernel: 6.18.4-server-3.stabletesting.mga9 arch: x86_64
    bits: 64
  Desktop: KDE Plasma v: 5.27.10 Distro: Mageia 9
Machine:
  Type: Desktop Mobo: ASRock model: P55 Pro serial: <superuser required>
    BIOS: American Megatrends v: P2.60 date: 08/20/2010
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] Navi 24 [Radeon RX 6400/6500
    XT/6500M] driver: amdgpu v: kernel
  Display: x11 server: X.org v: 1.21.1.21 with: Xwayland v: 22.1.9 driver:
    X: loaded: amdgpu,v4l dri: radeonsi gpu: amdgpu resolution: 3840x2160~60Hz
  API: EGL v: 1.5 drivers: kms_swrast,radeonsi,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.6 compat-v: 4.5 vendor: amd mesa v: 25.0.7 renderer: AMD
    Radeon RX 6400 (radeonsi navi24 LLVM 15.0.6 DRM 3.64
    6.18.4-server-3.stabletesting.mga9)
Network:
  Device-1: Realtek RTL8111/8168/8411 PCI Express Gigabit Ethernet
    driver: r8169

i586 OK updated on my T43, LXDE

Some surfing, kernel testing, text edit


[ettan@localhost ~]$ rpm -qa | grep glibc
glibc-2.36-59.mga9
glibc-devel-2.36-59.mga9

[ettan@localhost ~]$ inxi -SMCGN
System:
  Host: localhost Kernel: 6.6.120-desktop586-1.mga9 arch: i686 bits: 32
  Desktop: LXDE v: 0.10.1 Distro: Mageia 9
Machine:
  Type: Laptop System: IBM product: 2668R1G v: ThinkPad T43
    serial: <superuser required>
  Mobo: IBM model: 2668R1G serial: <superuser required> BIOS: IBM
    v: 1YET62WW (1.27 ) date: 05/18/2006
CPU:
  Info: single core model: Intel Pentium M bits: 32 cache: 2 MiB note: check
  Speed (MHz): 800 min/max: 800/1866 core: 1: 800
Graphics:
  Device-1: Advanced Micro Devices [AMD/ATI] RV370/M22 [Mobility Radeon X300]
    driver: radeon v: kernel
  Display: x11 server: X.org v: 1.21.1.8 with: Xwayland v: 22.1.9 driver: X:
    loaded: radeon,v4l dri: r300 gpu: radeon resolution: 1024x768~60Hz
  API: EGL v: 1.4,1.5 drivers: kms_swrast,r300,swrast
    platforms: gbm,x11,surfaceless,device
  API: OpenGL v: 4.5 compat-v: 2.1 vendor: mesa v: 25.0.7 renderer: llvmpipe
    (LLVM 15.0.6 128 bits)
Network:
  Device-1: Broadcom NetXtreme BCM5751M Gigabit Ethernet PCI Express
    driver: tg3
  Device-2: Intel PRO/Wireless 2200BG [Calexico2] Network driver: ipw2200

MGA9-64, GNOME, AMD Ryzen 5600, Nvidia 1050

The following 2 packages are going to be installed:

- glibc-2.36-59.mga9.x86_64
- glibc-devel-2.36-59.mga9.x86_64

---rebooted

- Nvidia working

$ lsmod | grep nvidia
nvidia_uvm           2031616  0
nvidia_drm            135168  5
drm_kms_helper        233472  1 nvidia_drm
nvidia_modeset       1638400  7 nvidia_drm
video                  73728  1 nvidia_modeset
nvidia              104157184  82 nvidia_uvm,nvidia_modeset
drm                   794624  9 drm_kms_helper,nvidia,nvidia_drm



- system behaving as expected.

Used for two days now on two computers without issues. 

Validating.

Keywords: (none) => validated_update
Whiteboard: (none) => MGA9-64-OK MGA9-32-OK
CC: (none) => andrewsfarm, sysadmin-bugs

An update for this issue has been pushed to the Mageia Updates repository.

https://advisories.mageia.org/MGASA-2026-0022.html

Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED