HIGH Vulnerabilities Ubuntu Security

USN-8005-1: GNU C Library vulnerabilities

USN-8005-1 details multiple vulnerabilities in the GNU C Library, including improper initialization of the input when `WRDE_REUSE` is used (CVE-2025-15281), incorrect handling of `regcomp` during memory allocation failures (CVE-2025-8058), incorrect handling of `memalign` during memory allocation (CVE-2026-0861), and incorrect handling of certain DNS backend queries for zero-valued networks (CVE-2026-0915). Exploitation of these flaws could lead to denial of service, arbitrary code execution, or disclosure of sensitive information. CVE-2025-8058 affects Ubuntu 16.04 LTS, 18.04 LTS, and 20.04 LTS; CVE-2026-0861 affects Ubuntu 20.04 LTS, 22.04 LTS, 24.04 LTS, and 25.10. The advisory does not specify fixed versions or mitigations, but users should upgrade to the latest patched versions of glibc provided by Ubuntu for their respective releases.

Vitaly Simonovich discovered that the GNU C Library did not properly initialize the input when `WRDE_REUSE` is used. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service. (CVE-2025-15281)

Anastasia Belova discovered that the GNU C Library incorrectly handled the `regcomp` function when memory allocation failures occurred. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. (CVE-2025-8058)

Igor Morgenstern discovered that the GNU C Library incorrectly handled the `memalign` function when doing memory allocation. An attacker could possibly use this issue to cause applications to crash, leading to a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS and Ubuntu 25.10. (CVE-2026-0861)

Igor Morgenstern discovered that the GNU C Library incorrectly handled certain DNS backend queries for a zero-valued network. An attacker could possibly use this issue to cause a denial of service or obtain sensitive information. (CVE-2026-0915)
