ISN 2025-21: Glibc Vulnerability

First published 3 June 2025

CVSS 3.1: 7.8 (High)

CVSS 3.1 vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

A security vulnerability has been discovered in Glibc, the C library used in IGEL OS. This affects the following product versions:

  • IGEL OS 12

  • IGEL OS 11

Details

The GNU C Library (glibc) has a vulnerability in its handling of the LD_LIBRARY_PATH environment variable in statically linked setuid binaries that call dlopen. The issue may cause library code under an attacker's control to be loaded.

This vulnerability was initially rated as critical but was later downgraded to high, as it became clear that it can only be exploited locally, not from the network.

Update Instructions

  • OS 12: Update to OS 12.7.0 when available (planned for 4 June).

  • OS 11: Update to 11.10.310 when available (planned for 4 June).
