- What: glibc security update released
- Impact: Red Hat Enterprise Linux 10 systems affected
Red Hat Product Errata RHSA-2026:19061 - Security Advisory Issued: 2026-05-19 Updated: 2026-05-19 RHSA-2026:19061 - Security Advisory Overview Updated Packages Synopsis Moderate: glibc security update Type/Severity Security Advisory: Moderate Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for glibc is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly. Security Fix(es): glibc: glibc: Incorrect DNS response parsing via crafted DNS server response (CVE-2026-4437) glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions (CVE-2026-4438) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux for x86_64 10 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Update Support 10.2 x86_64 Red Hat Enterprise Linux for IBM z Systems 10 s390x Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 10.2 s390x Red Hat Enterprise Linux for Power, little endian 10 ppc64le Red Hat Enterprise Linux for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat Enterprise Linux for ARM 64 10 aarch64 Red Hat Enterprise Linux for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat CodeReady Linux Builder for x86_64 10 x86_64 Red Hat CodeReady Linux Builder for Power, little endian 10 ppc64le Red Hat CodeReady Linux Builder for ARM 64 10 aarch64 Red Hat CodeReady Linux Builder for IBM z Systems 10 s390x Red Hat CodeReady Linux Builder for x86_64 - Extended Update Support 10.2 x86_64 Red Hat CodeReady Linux Builder for Power, little endian - Extended Update Support 10.2 ppc64le Red Hat CodeReady Linux Builder for IBM z Systems - Extended Update Support 10.2 s390x Red Hat CodeReady Linux Builder for ARM 64 - Extended Update Support 10.2 aarch64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 10.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 10.2 s390x Red Hat Enterprise Linux for Power, little endian - 4 years of support 10.2 ppc64le Red Hat Enterprise Linux for x86_64 - 4 years of updates 10.2 x86_64 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 10.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 10.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 10.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 10.2 s390x Fixes BZ - 2449777 - CVE-2026-4437 glibc: glibc: Incorrect DNS response parsing via crafted DNS server response BZ - 2449783 - CVE-2026-4438 glibc: glibc: Invalid DNS hostname returned via gethostbyaddr functions RHEL-142193 - glibc: Remove default value for LD_PROFILE_OUTPUT [rhel-10] RHEL-140226 - glibc: Remove trailing tabs from changelog lines [rhel-10] RHEL-150270 - glibc: backport of bug 28940, missing checks in __nss_database_get [rhel-10] RHEL-151554 - glibc: Import bug fixes: 2.39 ? c10s (snapshot 9) RHEL-139419 - glibc: Include glibc trylock patch fix in RHEL update releases [rhel-10] RHEL-142675 - glibc: Avoid duplicate DNS queries if "." is in DNS search path [rhel-10] CVEs CVE-2026-4437 CVE-2026-4438 References https://access.redhat.com/security/updates/classification/#moderate Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux for x86_64 10 SRPM glibc-2.39-121.el10_2.src.rpm SHA-256: 198428adeeea9445bd416461a6bffa6ad8d37973f06e004ee8bd056409a23957 x86_64 glibc-2.39-121.el10_2.x86_64.rpm SHA-256: 97533d5826d73faf0ecdecda601721a34d383919b91789235041131cf6f81d2b glibc-all-langpacks-2.39-121.el10_2.x86_64.rpm SHA-256: 7063f2c04341185448f2f2f4271e2c9d54632bcc67872c0f0646dbb0aacb2ff2 glibc-benchtests-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 7e30bfe74f1186522e7b567429d7f9d818abc65cc7fe39047af54b9b2a853d71 glibc-benchtests-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 7e30bfe74f1186522e7b567429d7f9d818abc65cc7fe39047af54b9b2a853d71 glibc-common-2.39-121.el10_2.x86_64.rpm SHA-256: 86dd54a331ec1f5c3f1e01f6e1bcb9f3de62ff859b88d9f9532cbb6058ce684c glibc-common-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 41fb51b5ea0611f946c211075c054b144b44805c613a7fc600b91bd20162a171 glibc-common-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 41fb51b5ea0611f946c211075c054b144b44805c613a7fc600b91bd20162a171 glibc-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 0a6972c71004fcc55b163bad00731bdea521d6017a92cfa77062d78440e56da0 glibc-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 0a6972c71004fcc55b163bad00731bdea521d6017a92cfa77062d78440e56da0 glibc-debugsource-2.39-121.el10_2.x86_64.rpm SHA-256: 51db5d6e332fd966510f2b09eae10d49a8107906c3aee1d794f4caad3269e366 glibc-debugsource-2.39-121.el10_2.x86_64.rpm SHA-256: 51db5d6e332fd966510f2b09eae10d49a8107906c3aee1d794f4caad3269e366 glibc-devel-2.39-121.el10_2.x86_64.rpm SHA-256: ca18a3c279a7409d8d0ea6df4d6c83107d62d727d7aa3fc8ca13f6d7c16762a4 glibc-doc-2.39-121.el10_2.noarch.rpm SHA-256: dc07938c27818cf8b8e3f10a2c17305146da15ccc5746e184e45ab7d9991ac61 glibc-gconv-extra-2.39-121.el10_2.x86_64.rpm SHA-256: 302365dc36ec1f0e51af86bbdcd360724bb6eee15fb506a10f3a343978f4be11 glibc-gconv-extra-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 664b6c188e214f10aad296199ee65c15bf795703d1b2d533de2d758bfc9076e6 glibc-gconv-extra-debuginfo-2.39-121.el10_2.x86_64.rpm SHA-256: 664b6c188e214f10aad296199ee65c15bf795703d1b2d533de2d758bfc9076e6 glibc-langpack-aa-2.39-121.el10_2.x86_64.rpm SHA-256: 763f4d29c59514225ac090c5e070eae5ea19e31e407e3e51da229139743feee4 glibc-langpack-af-2.39-121.el10_2.x86_64.rpm SHA-256: 172d8bffd56800621c25b0ca3d0c141ad815ccd8eeecbe424d66939384db925f glibc-langpack-agr-2.39-121.el10_2.x86_64.rpm SHA-256: db7317753d6cb8dbba907bff265ac2aa3662ea40446d9fb6d9f9fc53b67bcf98 glibc-langpack-ak-2.39-121.el10_2.x86_64.rpm SHA-256: c28e1d8f5d87d20af75baec3f68f15ef8f53932e58909ca4bb986cb86587b50e glibc-langpack-am-2.39-121.el10_2.x86_64.rpm SHA-256: d8a924d054dad1daa141f946bfaaa00f3389c7e09cd861337449e23954a8c13e glibc-langpack-an-2.39-121.el10_2.x86_64.rpm SHA-256: a1e7605ab61ee0ab8cabfc38e07e727582217bcbe6b5984db9f5e6ff4557bcad glibc-langpack-anp-2.39-121.el10_2.x86_64.rpm SHA-256: 4025b9f79de21ae5659400fa3a0b4f111d6de5505300d85a122a71bf3476d4ba glibc-langpack-ar-2.39-121.el10_2.x86_64.rpm SHA-256: 284d8e14ba9511ce25f81cbd46209766097e933b168fe8a054427d0a7e888d51 glibc-langpack-as-2.39-121.el10_2.x86_64.rpm SHA-256: a66b1b9af4caaf75d876e28a4062cc09813b1158933c21f6603583fed9cbb9da glibc-langpack-ast-2.39-121.el10_2.x86_64.rpm SHA-256: 6f69a2b85f895dd719eefbadda3358b6b0d4086371fee35a87ff68d58277d42f glibc-langpack-ayc-2.39-121.el10_2.x86_64.rpm SHA-256: 26891f5c5d472bc12bc3b9ccf9f9add9a12003908873e63a7c6f11b82fc3577d glibc-langpack-az-2.39-121.el10_2.x86_64.rpm SHA-256: 35f1df2108579ee81beaee2dfaf3540f19f6c14315920cd755f45665bcebe2f5 glibc-langpack-be-2.39-121.el10_2.x86_64.rpm SHA-256: aa9e37aa7f4afd35bf6f85bc6f2554f72be3b9bec9e7f1559ec758e8265c952f glibc-langpack-bem-2.39-121.el10_2.x86_64.rpm SHA-256: c35d58c78844a40513c3b3d2ef0a6eacdb48f129c67aa9712a76357e99658ed9 glibc-langpack-ber-2.39-121.el10_2.x86_64.rpm SHA-256: 304c75da0c1c62e8dc677f8c6a8682e938ce2670f1e76c9ea51ab8e16df89486 glibc-langpack-bg-2.39-121.el10_2.x86_64.rpm SHA-256: 08274193987da6f6d0c650162642dc0ffe247942195f3edcbbc8eacbf941772a glibc-langpack-bhb-2.39-121.el10_2.x86_64.rpm SHA-256: 2c4731fcfcf44934a17ad1b671fb5ab2928243a07ef205f10265342879f3a09e glibc-langpack-bho-2.39-121.el10_2.x86_64.rpm SHA-256: bfed34fe43c530560b8be658193a3d6a1b600b40f22dca0041f7fb7bbe8d1426 glibc-langpack-bi-2.39-121.el10_2.x86_64.rpm SHA-256: d4f23763ab8cf24f5431a10e8f4a96de67c79413d941e311b5f865872b6afed3 glibc-langpack-bn-2.39-121.el10_2.x86_64.rpm SHA-256: 2c1d12f1c13100c0e6bcbf2f8bbf9e7872d200051e3930c128d1c34153161311 glibc-langpack-bo-2.39-121.el10_2.x86_64.rpm SHA-256: 94eb96a2a283a22813532ab1fee948dcaf6fdb94aef38e6fefabd52685c37c3c glibc-langpack-br-2.39-121.el10_2.x86_64.rpm SHA-256: faf8b489448db3d014460e700f330d2ec7d3ff3082ef76f3ccb59a7171325145 glibc-langpack-brx-2.39-121.el10_2.x86_64.rpm SHA-256: c43b65cd81e2ea1b8f25652a1ddfce4b223647b273b027aaf83f5f4eb142f52d glibc-langpack-bs-2.39-121.el10_2.x86_64.rpm SHA-256: 99a8627312790def4940b06f4c7e581c2867ea1ad05c92bdf0b534f0d407cd0e glibc-langpack-byn-2.39-121.el10_2.x86_64.rpm SHA-256: df585c08444b3b143888aca525894f9c980113aafef2a78352eb46788b25efcb glibc-langpack-ca-2.39-121.el10_2.x86_64.rpm SHA-256: 22824b227dbf0e67f2df1ac50ebef8f299765f8b90a24c966a9e821823f90ba3 glibc-langpack-ce-2.39-121.el10_2.x86_64.rpm SHA-256: 293e90c5059e90cbe99e2821245c59d081d648fbd21e9ece7deb0cc2169c6701 glibc-langpack-chr-2.39-121.el10_2.x86_64.rpm SHA-256: 8c0874ff596f690624a76a463c5b926457e749c1f447608ed16d221ff1c24890 glibc-langpack-ckb-2.39-121.el10_2.x86_64.rpm SHA-256: cf0ae127e04fb43ad1d85a506f7f8db83bd7a4a80f4098aafd99fb19a1008848 glibc-langpack-cmn-2.39-121.el10_2.x86_64.rpm SHA-256: c7e439eb6e35f1bc30ad0e31c9366d6f6812d9a98a543cee55b19ca27e81644f glibc-langpack-crh-2.39-121.el10_2.x86_64.rpm SHA-256: 92dbb022caca33c6637ebb7b136bea725b07eeddd868ca0ffec37784199a9271 glibc-langpack-cs-2.39-121.el10_2.x86_64.rpm SHA-256: 18ae4