From 512c6e427244195a241442decc8e892fd1d0db8e Mon Sep 17 00:00:00 2001
From: Azure Linux Security Servicing Account
Date: Wed, 28 Jan 2026 11:27:36 +0000
Subject: [PATCH] Patch glibc for CVE-2025-0395
---
 SPECS/glibc/CVE-2025-0395.patch | 70 +++++++++++++++++++
 SPECS/glibc/glibc.spec | 6 +-
 .../manifests/package/pkggen_core_aarch64.txt | 14 ++--
 .../manifests/package/pkggen_core_x86_64.txt | 14 ++--
 .../manifests/package/toolchain_aarch64.txt | 18 ++---
 .../manifests/package/toolchain_x86_64.txt | 18 ++---
 6 files changed, 107 insertions(+), 33 deletions(-)
 create mode 100644 SPECS/glibc/CVE-2025-0395.patch
diff --git a/SPECS/glibc/CVE-2025-0395.patch b/SPECS/glibc/CVE-2025-0395.patch
new file mode 100644
index 00000000000..26b453e4e78
--- /dev/null
+++ b/SPECS/glibc/CVE-2025-0395.patch
@@ -0,0 +1,70 @@
+From c2c6d3c5852bd195a63cd0cb732fb9e6cd540f24 Mon Sep 17 00:00:00 2001
+From: Florian Weimer
+Date: Wed, 22 Jan 2025 17:22:02 +0100
+Subject: [PATCH] Fix underallocation of abort_msg_s struct (CVE-2025-0395)
+
+Include the space needed to store the length of the message itself, in
+addition to the message string. This resolves BZ #32582.
+
+Signed-off-by: Siddhesh Poyarekar
+Reviewed: Adhemerval Zanella
+(cherry picked from commit 68ee0f704cb81e9ad0a78c644a83e1e9cd2ee578)
+
+Conflict in sysdeps/posix/libc_fatal.c due to missing cleanup after
+backtrace removal.
+
+Signed-off-by: Azure Linux Security Servicing Account
+Upstream-reference: https://github.com/bminor/glibc/commit/8b5d4be762419c4f6176261c6fea40ac559b88dc.patch
+---
+ assert/assert.c | 4 +++-
+ sysdeps/posix/libc_fatal.c | 5 +++--
+ 2 files changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/assert/assert.c b/assert/assert.c
+index 133a183b..9e55eeb4 100644
+--- a/assert/assert.c
++++ b/assert/assert.c
+@@ -18,6 +18,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -64,7 +65,8 @@ __assert_fail_base (const char *fmt, const char *assertion, const char *file,
+ (void) __fxprintf (NULL, "%s", str);
+ (void) fflush (stderr);
+
+- total = (total + 1 + GLRO(dl_pagesize) - 1) & ~(GLRO(dl_pagesize) - 1);
++ total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++ GLRO(dl_pagesize));
+ struct abort_msg_s *buf = __mmap (NULL, total, PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE, -1, 0);
+ if (__glibc_likely (buf != MAP_FAILED))
+diff --git a/sysdeps/posix/libc_fatal.c b/sysdeps/posix/libc_fatal.c
+index 2ee0010b..dfa07805 100644
+--- a/sysdeps/posix/libc_fatal.c
++++ b/sysdeps/posix/libc_fatal.c
+@@ -20,6 +20,7 @@
+ #include
+ #include
+ #include
++#include
+ #include
+ #include
+ #include
+@@ -125,8 +126,8 @@ __libc_message (enum __libc_message_action action, const char *fmt, ...)
+
+ if ((action & do_abort))
+ {
+- total = ((total + 1 + GLRO(dl_pagesize) - 1)
+- & ~(GLRO(dl_pagesize) - 1));
++ total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1,
++ GLRO(dl_pagesize));
+ struct abort_msg_s *buf = __mmap (NULL, total,
+ PROT_READ | PROT_WRITE,
+ MAP_ANON | MAP_PRIVATE, -1, 0);
+--
+2.45.4
+
diff --git a/SPECS/glibc/glibc.spec b/SPECS/glibc/glibc.spec
index d5dbc49d2d7..79a1857a032 100644
--- a/SPECS/glibc/glibc.spec
+++ b/SPECS/glibc/glibc.spec
@@ -7,7 +7,7 @@
 Summary: Main C library
 Name: glibc
 Version: 2.35
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: BSD AND GPLv2+ AND Inner-Net AND ISC AND LGPLv2+ AND MIT
 Vendor: Microsoft Corporation
 Distribution: Mariner
@@ -37,6 +37,7 @@ Patch11: CVE-2024-33600.patch
 Patch12: CVE-2024-33601.patch
 Patch13: CVE-2026-0861.patch
 Patch14: CVE-2026-0915.patch
+Patch15: CVE-2025-0395.patch
 BuildRequires: bison
 BuildRequires: gawk
 BuildRequires: gettext
@@ -329,6 +330,9 @@ grep "^FAIL: nptl/tst-eintr1" tests.sum >/dev/null && n=$((n+1)) ||: %defattr(-,root,root) %changelog +* Wed Jan 28 2026 Azure Linux Security Servicing Account - 2.35-9 +- Patch for CVE-2025-0395 + * Wed Jan 21 2026 Azure Linux Security Servicing Account - 2.35-8 - Patch for CVE-2026-0915, CVE-2026-0861
diff --git a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
index eec2df9b4f3..dcd21249cab 100644
--- a/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_aarch64.txt
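Review bot: The new `total = ALIGN_UP (total + sizeof (struct abort_msg_s) + 1, GLRO(dl_pagesize));` in `__assert_fail_base` carries no comment saying why the struct size is part of the sum, although that term is the entire fix. I would put `/* Header (size field) + message + NUL, rounded up to whole pages.  */` above it, and above the identical line in the `__libc_message` hunk, so a later cleanup does not fold it back into message-only rounding. The old expression rounded only `total + 1`, so the mapping was short whenever fewer than `sizeof (struct abort_msg_s)` bytes of slack remained after rounding; a build-time check with an assertion message of such a length would confirm the backport on 2.35. Both functions start and end outside their hunks, so the writes into `buf` are not visible here.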
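Review bot: `Patch15: CVE-2025-0395.patch` is declared, but none of the three glibc.spec hunks touches `%prep`, so the fix reaches the build only if `%prep` applies every declared patch (for example through `%autosetup -p1`). That section is outside the diff; if patches are applied one by one there, a `%patch15 -p1` line is missing and the package would ship as 2.35-9 without the fix. It is worth confirming in the build log that the patch is actually applied.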
@@ -1,12 +1,12 @@
 filesystem-1.1-20.cm2.aarch64.rpm
 kernel-headers-5.15.186.1-1.cm2.noarch.rpm
-glibc-2.35-8.cm2.aarch64.rpm
-glibc-devel-2.35-8.cm2.aarch64.rpm
-glibc-i18n-2.35-8.cm2.aarch64.rpm
-glibc-iconv-2.35-8.cm2.aarch64.rpm
-glibc-lang-2.35-8.cm2.aarch64.rpm
-glibc-nscd-2.35-8.cm2.aarch64.rpm
-glibc-tools-2.35-8.cm2.aarch64.rpm
+glibc-2.35-9.cm2.aarch64.rpm
+glibc-devel-2.35-9.cm2.aarch64.rpm
+glibc-i18n-2.35-9.cm2.aarch64.rpm
+glibc-iconv-2.35-9.cm2.aarch64.rpm
+glibc-lang-2.35-9.cm2.aarch64.rpm
+glibc-nscd-2.35-9.cm2.aarch64.rpm
+glibc-tools-2.35-9.cm2.aarch64.rpm
 zlib-1.2.13-2.cm2.aarch64.rpm
 zlib-devel-1.2.13-2.cm2.aarch64.rpm
 file-5.40-3.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
index 59f94fb1de9..eaf035b387b 100644
--- a/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
+++ b/toolkit/resources/manifests/package/pkggen_core_x86_64.txt
@@ -1,12 +1,12 @@
 filesystem-1.1-20.cm2.x86_64.rpm
 kernel-headers-5.15.186.1-1.cm2.noarch.rpm
-glibc-2.35-8.cm2.x86_64.rpm
-glibc-devel-2.35-8.cm2.x86_64.rpm
-glibc-i18n-2.35-8.cm2.x86_64.rpm
-glibc-iconv-2.35-8.cm2.x86_64.rpm
-glibc-lang-2.35-8.cm2.x86_64.rpm
-glibc-nscd-2.35-8.cm2.x86_64.rpm
-glibc-tools-2.35-8.cm2.x86_64.rpm
+glibc-2.35-9.cm2.x86_64.rpm
+glibc-devel-2.35-9.cm2.x86_64.rpm
+glibc-i18n-2.35-9.cm2.x86_64.rpm
+glibc-iconv-2.35-9.cm2.x86_64.rpm
+glibc-lang-2.35-9.cm2.x86_64.rpm
+glibc-nscd-2.35-9.cm2.x86_64.rpm
+glibc-tools-2.35-9.cm2.x86_64.rpm
 zlib-1.2.13-2.cm2.x86_64.rpm
 zlib-devel-1.2.13-2.cm2.x86_64.rpm
 file-5.40-3.cm2.x86_64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_aarch64.txt b/toolkit/resources/manifests/package/toolchain_aarch64.txt
index 3a3c3c4f997..d66c972e1f1 100644
--- a/toolkit/resources/manifests/package/toolchain_aarch64.txt
+++ b/toolkit/resources/manifests/package/toolchain_aarch64.txt
@@ -106,15 +106,15 @@ glib-debuginfo-2.71.0-9.cm2.aarch64.rpm
 glib-devel-2.71.0-9.cm2.aarch64.rpm
 glib-doc-2.71.0-9.cm2.noarch.rpm
 glib-schemas-2.71.0-9.cm2.aarch64.rpm
-glibc-2.35-8.cm2.aarch64.rpm
-glibc-debuginfo-2.35-8.cm2.aarch64.rpm
-glibc-devel-2.35-8.cm2.aarch64.rpm
-glibc-i18n-2.35-8.cm2.aarch64.rpm
-glibc-iconv-2.35-8.cm2.aarch64.rpm
-glibc-lang-2.35-8.cm2.aarch64.rpm
-glibc-nscd-2.35-8.cm2.aarch64.rpm
-glibc-static-2.35-8.cm2.aarch64.rpm
-glibc-tools-2.35-8.cm2.aarch64.rpm
+glibc-2.35-9.cm2.aarch64.rpm
+glibc-debuginfo-2.35-9.cm2.aarch64.rpm
+glibc-devel-2.35-9.cm2.aarch64.rpm
+glibc-i18n-2.35-9.cm2.aarch64.rpm
+glibc-iconv-2.35-9.cm2.aarch64.rpm
+glibc-lang-2.35-9.cm2.aarch64.rpm
+glibc-nscd-2.35-9.cm2.aarch64.rpm
+glibc-static-2.35-9.cm2.aarch64.rpm
+glibc-tools-2.35-9.cm2.aarch64.rpm
 gmp-6.2.1-4.cm2.aarch64.rpm
 gmp-debuginfo-6.2.1-4.cm2.aarch64.rpm
 gmp-devel-6.2.1-4.cm2.aarch64.rpm
diff --git a/toolkit/resources/manifests/package/toolchain_x86_64.txt b/toolkit/resources/manifests/package/toolchain_x86_64.txt
index 47e2795228a..bbf64756db8 100644
--- a/toolkit/resources/manifests/package/toolchain_x86_64.txt
+++ b/toolkit/resources/manifests/package/toolchain_x86_64.txt
@@ -111,15 +111,15 @@ glib-debuginfo-2.71.0-9.cm2.x86_64.rpm
 glib-devel-2.71.0-9.cm2.x86_64.rpm
 glib-doc-2.71.0-9.cm2.noarch.rpm
 glib-schemas-2.71.0-9.cm2.x86_64.rpm
-glibc-2.35-8.cm2.x86_64.rpm
-glibc-debuginfo-2.35-8.cm2.x86_64.rpm
-glibc-devel-2.35-8.cm2.x86_64.rpm
-glibc-i18n-2.35-8.cm2.x86_64.rpm
-glibc-iconv-2.35-8.cm2.x86_64.rpm
-glibc-lang-2.35-8.cm2.x86_64.rpm
-glibc-nscd-2.35-8.cm2.x86_64.rpm
-glibc-static-2.35-8.cm2.x86_64.rpm
-glibc-tools-2.35-8.cm2.x86_64.rpm
+glibc-2.35-9.cm2.x86_64.rpm
+glibc-debuginfo-2.35-9.cm2.x86_64.rpm
+glibc-devel-2.35-9.cm2.x86_64.rpm
+glibc-i18n-2.35-9.cm2.x86_64.rpm
+glibc-iconv-2.35-9.cm2.x86_64.rpm
+glibc-lang-2.35-9.cm2.x86_64.rpm
+glibc-nscd-2.35-9.cm2.x86_64.rpm
+glibc-static-2.35-9.cm2.x86_64.rpm
+glibc-tools-2.35-9.cm2.x86_64.rpm
 gmp-6.2.1-4.cm2.x86_64.rpm
 gmp-debuginfo-6.2.1-4.cm2.x86_64.rpm
 gmp-devel-6.2.1-4.cm2.x86_64.rpm