Red Hat Product Errata RHSA-2026:18139 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:18139 - Security Advisory Overview Updated Packages Synopsis Moderate: glibc security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for glibc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory (CVE-2025-15281) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 10 Release Notes linked from the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Fixes BZ - 2431196 - CVE-2025-15281 glibc: wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory RHEL-102553 - glibc: glibc-locale-source needs gzip due to compressed charmaps [rhel-10] RHEL-111490 - glibc: Auto-generate patch list, changelong entries and release numbers (core patch-git) RHEL-113195 - glibc: Ensure that elf/check-dt-x86-64-plt test runs [rhel-10.2] RHEL-72244 - glibc: Backport asprintf error hardening [rhel-10] RHEL-116641 - rpminspect flags glibc-minimal-langpack as empty RHEL-65838 - glibc: Document behavior of open_memstream wrt SEEK_END [rhel-10] RHEL-126046 - glibc: assert/test-assert-2 failure [rhel-10] RHEL-126049 - glibc: lint-makefiles failure for assert, stdio-common [rhel-10] RHEL-127524 - glibc: Document use of GPL version 3 RHEL-87645 - glibc: Add the RWF_ATOMIC flag [rhel-10] RHEL-126766 - glibc: Import bug fixes: 2.39 ? c10s (snapshot 8) RHEL-137184 - glibc: Locale updates for Bulgaria joining the Euro [rhel-10] RHEL-140103 - glibc: Update locales for Croatia to use EUR as currency symbol [rhel-10] CVEs CVE-2025-15281 References https://access.redhat.com/security/updates/classification/#moderate https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/10/html/10.2_release_notes/index Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM glibc-2.39-113.el10.src.rpm SHA-256: 6e8bdd6bdbbb07297b82a3794380b576845471f4fe5ed77139ab3869820f1c1b x86_64 glibc-2.39-113.el10.x86_64.rpm SHA-256: 6366957cc64485b6b75c4c7f8e0f15ac263ea7921762ad31ae97d9841c70ae26 glibc-all-langpacks-2.39-113.el10.x86_64.rpm SHA-256: f3cec5f2b62b91433e11405834762c8fdf1f1d06d96894e3f7323b4cb18db58f glibc-benchtests-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: 43f4c06eb356b8c053f261bb25715315612341ef72459b0a4f514915ee5325c0 glibc-benchtests-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: 43f4c06eb356b8c053f261bb25715315612341ef72459b0a4f514915ee5325c0 glibc-common-2.39-113.el10.x86_64.rpm SHA-256: 8ba824368b113751ec483105bdef5fbfb074761d5ab8f9067e6c5c61b54afda8 glibc-common-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: 172d9951b2baeaa64c2c853aa4437f88de8f29052dbd472a5f9a2a30a31cdd53 glibc-common-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: 172d9951b2baeaa64c2c853aa4437f88de8f29052dbd472a5f9a2a30a31cdd53 glibc-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: fa864fd1824c2bfeda0f911a7edda6a26135c570afd06602dde1652756102bec glibc-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: fa864fd1824c2bfeda0f911a7edda6a26135c570afd06602dde1652756102bec glibc-debugsource-2.39-113.el10.x86_64.rpm SHA-256: 86bea836638c14b601eabb3194a5d3a0ac7d81f5620eb50bb9a832b5751ac62d glibc-debugsource-2.39-113.el10.x86_64.rpm SHA-256: 86bea836638c14b601eabb3194a5d3a0ac7d81f5620eb50bb9a832b5751ac62d glibc-devel-2.39-113.el10.x86_64.rpm SHA-256: 55ee376b47d0bd90c0e485475b721d6c10f2edb03aff1f4d3398849bdd051dcd glibc-doc-2.39-113.el10.noarch.rpm SHA-256: 6fcd397d1169ed902addfcca18e1e6ede7d66db42e944c59206c6e4cd1333176 glibc-gconv-extra-2.39-113.el10.x86_64.rpm SHA-256: c2ba8c31e30fe322623b6316d4b07dbf8ace37c05dc9413671f27f466e284d5f glibc-gconv-extra-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: 43b3ce56be517a57933f2b8cb76943a37bb69a4a7c31f5521025b09b05a4d393 glibc-gconv-extra-debuginfo-2.39-113.el10.x86_64.rpm SHA-256: 43b3ce56be517a57933f2b8cb76943a37bb69a4a7c31f5521025b09b05a4d393 glibc-langpack-aa-2.39-113.el10.x86_64.rpm SHA-256: 0c3f2fa6784f22489129abd57af050ba59ac5a979cce5cd9ca2a6d73af8e6693 glibc-langpack-af-2.39-113.el10.x86_64.rpm SHA-256: 3b6fdff4341776175ca8cef3c611dbad23cf91e5f63bb696f1a75e786941f5aa glibc-langpack-agr-2.39-113.el10.x86_64.rpm SHA-256: 14317210ff2e57afb2d5667e6358f942075793d5c92798fa043ce19b1a2548bb glibc-langpack-ak-2.39-113.el10.x86_64.rpm SHA-256: 0f50b4ac5c99fed2de2229f1f5d142a04d0b15e14c6eedab7e48fb319f702134 glibc-langpack-am-2.39-113.el10.x86_64.rpm SHA-256: 6f0381bc9a708438ab2d0cdad8d8c7ad66635e21ce33f27d2955774133997bb4 glibc-langpack-an-2.39-113.el10.x86_64.rpm SHA-256: 7118eea07ffacfbcb523ce61aa961aec80b16f1983ec10424c48a7aacb6e5f3d glibc-langpack-anp-2.39-113.el10.x86_64.rpm SHA-256: 9bc6047d8f98393a217fcc1d8d2706fb863386c00aaf97857bb56e4570af5b14 glibc-langpack-ar-2.39-113.el10.x86_64.rpm SHA-256: 11cd9b22ffedca09383695a193adfe8eb9086c0ba5f8136dfd89eb7aa08e3693 glibc-langpack-as-2.39-113.el10.x86_64.rpm SHA-256: 42af131a54bf0794381c142755afd20cf37aa3bbc62a57dddc5e2c83d612364d glibc-langpack-ast-2.39-113.el10.x86_64.rpm SHA-256: 9012853f48715f393eec4bcc8ad206e4f28977d59d093fc86d5fa5c02a1ff1c6 glibc-langpack-ayc-2.39-113.el10.x86_64.rpm SHA-256: 9e6d92de8905df4211fb980303a27056f8c6eb5c183a0c0d7e7e5651f10eb46d glibc-langpack-az-2.39-113.el10.x86_64.rpm SHA-256: 3a2d2f6ed4e0c93773f6aa7c1a93d9476923aeaf069d7e78d7900d3340c214dc glibc-langpack-be-2.39-113.el10.x86_64.rpm SHA-256: 37a3bdd82a1fba2b295dedc028206e12a5c1be6476d0548a84ae5a2e3e7bdfef glibc-langpack-bem-2.39-113.el10.x86_64.rpm SHA-256: e5addf4f2e02037cbb4febaf04a610a580c6712d3403fad825cf9803de767abd glibc-langpack-ber-2.39-113.el10.x86_64.rpm SHA-256: 5e1d103180b5c55dddecf6b7a22cf826185a0580f35eb61e48e2a5f8fe812595 glibc-langpack-bg-2.39-113.el10.x86_64.rpm SHA-256: 06dcb729d8772818bc9585e723691a31d7c384520b8912fd9e85b000a31753c2 glibc-langpack-bhb-2.39-113.el10.x86_64.rpm SHA-256: 1e6e18b8beb6c69bccfc82b1c3062bae9d698c6cf09f6b1472f07ae5c83e6855 glibc-langpack-bho-2.39-113.el10.x86_64.rpm SHA-256: 819ddc69c879f67fe68266617626389c5416cefe8c6283ed815c2d06cc0166d5 glibc-langpack-bi-2.39-113.el10.x86_64.rpm SHA-256: 45b6113ff2bb403b79f0610a0cc5cbf26a8f46e75db6df5088973ed31b3d2e56 glibc-langpack-bn-2.39-113.el10.x86_64.rpm SHA-256: 124bf4b9878412c6d790ec5d42093a11834d768bf8f6305a7b8b1c93a8fe395c glibc-langpack-bo-2.39-113.el10.x86_64.rpm SHA-256: 500d7cd27cb5e65399d56e5a21e570e7f9b823f7b8ae721e8b5fe7e24a29d36f glibc-langpack-br-2.39-113.el10.x86_64.rpm SHA-256: 74840f077d73e4ece69f9397eb60780bd55085ab537e9e2a0c20d10f2697cb90 glibc-langpack-brx-2.39-113.el10.x86_64.rpm SHA-256: 3b96b1064021bc0ef1f21fec2997b1b0065d40e1481fa0c84cce370d97ad03af glibc-langpack-bs-2.39-113.el10.x86_64.rpm SHA-256: 8e9461dd889f8934a786e59c6c19fb39e59e1ccd3004eea77fab8bc89a71735e glibc-langpack-byn-2.39-113.el10.x86_64.rpm SHA-256: 9da7c0f3de28e0d1b4f48bca98488416e26b75bdb8e1ca05e54b0cfc700d18e9 glibc-langpack-ca-2.39-113.el10.x86_64.rpm SHA-256: 71c24a6881255ef8f09c19f9cd8a5602675f6ed3d9b72b19b4858f6273a8c1d4 glibc-langpack-ce-2.39-113.el10.x86_64.rpm SHA-256: c8da303d496224fdf246e6a2ef4b26b84508305888a675b84bf3455d1524ae1f glibc-langpack-chr-2.39-113.el10.x86_64.rpm SHA-256: 394384af4297c0a1529c9c0ed21eafc7c5ee10de9a5866149a4be214da48d92c glibc-langpack-ckb-2.39-113.el10.x86_64.rpm SHA-256: 4a6d536caa30b91e03ab764c687ebc11f842c1bb1f83a58ca5a2089e42ffc7d7 glibc-langpack-cmn-2.39-113.el10.x86_64.rpm SHA-256: 26326e95f1ee23eef7970a57a3de041783aea6377e6e20b98fc7976b6761edd1 glibc-langpack-crh-2.39-113.el10.x86_64.rpm SHA-256: a3f09eab4f61f5ea1220c0acbaf29836dc03e961e3fff5dc9f2f4a2effbcdd03 glibc-langpack-cs-2.39-113.el10.x86_64.rpm SHA-256: 820a53d7cd3b6067cda100c7aa34d1764bacc8387db5c1ece4e23f2d2d158f57 glibc-langpack-csb-2.39-113.el10.x86_64.rpm SHA-256: e2d3a6697eef3db47d642edbffac848a797763da560fbc456e252e3a403cab77 glibc-langpack-cv-2.39-113.el10.x86_64.rpm SHA-256: d1b0928ca95d486f36db93c26beffe53987c1a07e46269f48617f4861cc2ce2f glibc-langpack-cy-2.39-113.el10.x86_64.rpm SHA-256: 2a93c97b9dc2d95b1dd013e4f48397bf3de420f82038ead38090f9ef5fefab3f glibc-langpack-da-2.39-113.el10.x86_64.rpm SHA-256: 732d7d92070b354659ce9b2f0ec96e8aa025869105d114ce422d4b3b0e94c483 glibc-langpack-de-2.39-113.el10.x86_64.rpm SHA-256: 05976106cf6d08cd61a80c5dd65b262fcb3e201ac515e744a1a5af7dbb600c74 glibc-langpack-doi-2.39-113.el10.x86_64.rpm SHA-256: a2d9dcbd97d71586dfad1039a27e5c48bb167c4bc8401d555378cb3a5189c598 glibc-langpack-dsb-2.39-113.el10.x86_64.rpm SHA-256: 068bde836e7