Skip to content

Commit 1dd2286

Browse files
authored
[Medium] Patch glibc for CVE-2026-4437 and CVE-2026-4438 (#16288)
1 parent f3e5a74 commit 1dd2286

23 files changed

Lines changed: 711 additions & 80 deletions

File tree

SPECS-EXTENDED/buildah/buildah.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ Epoch: 0
3030
Version: 1.41.4
3131
# The `AND` needs to be uppercase in the License for SPDX compatibility
3232
License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
33-
Release: 6%{?dist}
33+
Release: 7%{?dist}
3434
Vendor: Microsoft Corporation
3535
Distribution: Azure Linux
3636
ExclusiveArch: aarch64 ppc64le s390x x86_64
@@ -43,7 +43,7 @@ BuildRequires: device-mapper-devel
4343
BuildRequires: git-core
4444
BuildRequires: golang >= 1.16.6
4545
BuildRequires: glib2-devel
46-
BuildRequires: glibc-static >= 2.38-18%{?dist}
46+
BuildRequires: glibc-static >= 2.38-19%{?dist}
4747
%if !%{defined gobuild}
4848
BuildRequires: go-rpm-macros
4949
%endif
@@ -173,6 +173,9 @@ make test-unit
173173
%{_datadir}/%{name}/test
174174

175175
%changelog
176+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 0:1.41.4-7
177+
- Bump to rebuild with updated glibc
178+
176179
* Thu Jan 22 2026 Kanishk Bansal <kanbansal@microsoft.com> - 0:1.41.4-6
177180
- Bump to rebuild with updated glibc
178181

SPECS-EXTENDED/catatonit/catatonit.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@ Distribution: Azure Linux
33

44
Name: catatonit
55
Version: 0.1.7
6-
Release: 26%{?dist}
6+
Release: 27%{?dist}
77
Summary: A signal-forwarding process manager for containers
88
License: GPLv3+
99
URL: https://github.com/openSUSE/catatonit
@@ -13,7 +13,7 @@ BuildRequires: automake
1313
BuildRequires: file
1414
BuildRequires: gcc
1515
BuildRequires: git
16-
BuildRequires: glibc-static >= 2.38-18%{?dist}
16+
BuildRequires: glibc-static >= 2.38-19%{?dist}
1717
BuildRequires: libtool
1818
BuildRequires: make
1919

@@ -61,6 +61,9 @@ ln -s %{_libexecdir}/%{name}/%{name} %{buildroot}%{_libexecdir}/podman/%{name}
6161
%{_libexecdir}/podman/%{name}
6262

6363
%changelog
64+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 0.1.7-27
65+
- Bump to rebuild with updated glibc
66+
6467
* Thu Jan 22 2026 Kanishk Bansal <kanbansal@microsoft.com> - 0.1.7-26
6568
- Bump to rebuild with updated glibc
6669

SPECS-EXTENDED/crun/crun.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
Summary: OCI runtime written in C
1313
Name: crun
1414
Version: 1.24
15-
Release: 3%{?dist}
15+
Release: 4%{?dist}
1616
Vendor: Microsoft Corporation
1717
Distribution: Azure Linux
1818
URL: https://github.com/containers/%{name}
@@ -48,7 +48,7 @@ BuildRequires: wasmedge-devel
4848
%endif
4949

5050
BuildRequires: python
51-
BuildRequires: glibc-static >= 2.38-18%{?dist}
51+
BuildRequires: glibc-static >= 2.38-19%{?dist}
5252
Provides: oci-runtime
5353

5454
%description
@@ -114,6 +114,9 @@ rm -rf %{buildroot}%{_prefix}/lib*
114114
%endif
115115

116116
%changelog
117+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 1.24-4
118+
- Bump to rebuild with updated glibc
119+
117120
* Thu Jan 22 2026 Kanishk Bansal <kanbansal@microsoft.com> - 1.24-3
118121
- Bump to rebuild with updated glibc
119122

SPECS-EXTENDED/dyninst/dyninst.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
Summary: An API for Run-time Code Generation
22
License: LGPLv2+
33
Name: dyninst
4-
Release: 28%{?dist}
4+
Release: 29%{?dist}
55
Vendor: Microsoft Corporation
66
Distribution: Azure Linux
77
URL: http://www.dyninst.org
@@ -31,7 +31,7 @@ BuildRequires: tbb tbb-devel
3131

3232
# Extra requires just for the testsuite
3333
BuildRequires: gcc-gfortran libstdc++-static libxml2-devel
34-
BuildRequires: glibc-static >= 2.38-18%{?dist}
34+
BuildRequires: glibc-static >= 2.38-19%{?dist}
3535

3636
# Testsuite files should not provide/require anything
3737
%{?filter_setup:
@@ -194,6 +194,9 @@ echo "%{_libdir}/dyninst" > %{buildroot}/etc/ld.so.conf.d/%{name}-%{_arch}.conf
194194
%attr(644,root,root) %{_libdir}/dyninst/testsuite/*.a
195195

196196
%changelog
197+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 10.1.0-29
198+
- Bump to rebuild with updated glibc
199+
197200
* Thu Jan 22 2026 Kanishk Bansal <kanbansal@microsoft.com> - 10.1.0-28
198201
- Bump to rebuild with updated glibc
199202

SPECS-EXTENDED/podman/podman.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ Epoch: 0
3131
# If you're reading this on dist-git, the version is automatically filled in by Packit.
3232
Version: 5.6.1
3333
License: Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND ISC AND MIT AND MPL-2.0
34-
Release: 7%{?dist}
34+
Release: 8%{?dist}
3535
ExclusiveArch: aarch64 ppc64le s390x x86_64 riscv64
3636
Summary: Manage Pods, Containers and Container Images
3737
Vendor: Microsoft Corporation
@@ -48,7 +48,7 @@ BuildRequires: btrfs-progs-devel
4848
BuildRequires: gcc
4949
BuildRequires: glib2-devel
5050
BuildRequires: glibc-devel
51-
BuildRequires: glibc-static >= 2.38-18%{?dist}
51+
BuildRequires: glibc-static >= 2.38-19%{?dist}
5252
BuildRequires: golang
5353
BuildRequires: git-core
5454

@@ -298,6 +298,9 @@ make localunit
298298

299299
# rhcontainerbot account currently managed by lsm5
300300
%changelog
301+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 0:5.6.1-8
302+
- Bump to rebuild with updated glibc
303+
301304
* Thu Jan 22 2026 Kanishk Bansal <kanbansal@microsoft.com> - 0:5.6.1-7
302305
- Bump to rebuild with updated glibc
303306

SPECS/busybox/busybox.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
Summary: Statically linked binary providing simplified versions of system commands
22
Name: busybox
33
Version: 1.36.1
4-
Release: 22%{?dist}
4+
Release: 23%{?dist}
55
License: GPLv2
66
Vendor: Microsoft Corporation
77
Distribution: Azure Linux
@@ -20,7 +20,7 @@ Patch6: CVE-2023-39810.patch
2020
Patch7: CVE-2022-48174.patch
2121
Patch8: CVE-2026-26157.patch
2222
BuildRequires: gcc
23-
BuildRequires: glibc-static >= 2.38-18%{?dist}
23+
BuildRequires: glibc-static >= 2.38-19%{?dist}
2424
BuildRequires: libselinux-devel >= 1.27.7-2
2525
BuildRequires: libsepol-devel
2626
%if 0%{?with_check}
@@ -110,6 +110,9 @@ cd testsuite
110110
%{_mandir}/man1/busybox.petitboot.1.gz
111111

112112
%changelog
113+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 1.36.1-23
114+
- Bump to rebuild with updated glibc
115+
113116
* Mon Feb 16 2026 Azure Linux Security Servicing Account <azurelinux-security@microsoft.com> - 1.36.1-22
114117
- Patch for CVE-2026-26157
115118

SPECS/flannel/flannel.spec

Lines changed: 5 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,7 @@
33
Summary: Simple and easy way to configure a layer 3 network fabric designed for Kubernetes
44
Name: flannel
55
Version: 0.24.2
6-
Release: 24%{?dist}
6+
Release: 25%{?dist}
77
License: ASL 2.0
88
Vendor: Microsoft Corporation
99
Distribution: Azure Linux
@@ -19,7 +19,7 @@ Patch4: CVE-2024-51744.patch
1919
Patch5: CVE-2025-65637.patch
2020
BuildRequires: gcc
2121
BuildRequires: glibc-devel
22-
BuildRequires: glibc-static >= 2.38-18%{?dist}
22+
BuildRequires: glibc-static >= 2.38-19%{?dist}
2323
BuildRequires: golang < 1.25
2424
BuildRequires: kernel-headers
2525

@@ -53,6 +53,9 @@ install -p -m 755 -t %{buildroot}%{_bindir} ./dist/flanneld
5353
%{_bindir}/flanneld
5454

5555
%changelog
56+
* Wed Mar 25 2026 Aditya Singh <v-aditysing@microsoft.com> - 0.24.2-25
57+
- Bump to rebuild with updated glibc
58+
5659
* Thu Jan 22 2026 Kanishk Bansal <kanbansal@microsoft.com> - 0.24.2-24
5760
- Bump to rebuild with updated glibc
5861

0 commit comments

Comments
 (0)