Mariner Release Notes Security Update secure@microsoft.com The Microsoft Security Response Center (MSRC) identifies, monitors, resolves, and responds to security incidents and Microsoft software security vulnerabilities. For more information, see http://www.microsoft.com/security/msrc. 2011-Mar 2011-Mar Final 1.0 3 2026-02-18T03:09:43 Mariner Release Notes 2011-03-02T00:00:00 2026-02-18T03:09:43 <p>Mariner Release notes</p> The information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply. cm1 glibc 2.28-24 on CBL Mariner 1.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 cbl2 mutt 2.2.12-1 on CBL Mariner 2.0 azl3 glibc 2.38-10 on Azure Linux 3.0 azl3 orangefs 2.9.8-3 on Azure Linux 3.0 cbl2 orangefs 2.9.8-3 on CBL Mariner 2.0 cm1 glibc 2.28-24 on CBL Mariner 1.0 cbl2 glibc 2.35-7 on CBL Mariner 2.0 cbl2 mutt 2.2.12-1 on CBL Mariner 2.0 azl3 glibc 2.38-10 on Azure Linux 3.0 azl3 orangefs 2.9.8-3 on Azure Linux 3.0 cbl2 orangefs 2.9.8-3 on CBL Mariner 2.0 The glob implementation in the GNU C Library (aka glibc or libc6) allows remote authenticated users to cause a denial of service (CPU and memory consumption) via crafted glob expressions that do not match any pathnames, as demonstrated by glob expressions in STAT commands to an FTP daemon, a different vulnerability than CVE-2010-2632. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2010-4756 17077-16820 17348-16823 19758-17084 20249-17084 20250-17086 17077-16820 17348-16823 19758-17084 20249-17084 20250-17086 Moderate 17077-16820 Moderate 17348-16823 Moderate 19758-17084 Moderate 20249-17084 Moderate 20250-17086 CBL-Mariner Releases 17077-16820 No Security Update 2.28-24 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17077-16820 CBL-Mariner Releases CBL-Mariner Releases 17348-16823 No Security Update 2.35-7 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 17348-16823 CBL-Mariner Releases 1.0 2025-09-04T04:29:41 <p>Information published.</p> 1.1 2026-02-18T03:09:43 <p>Information published.</p> Mutt does not verify that the smtps server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL SMTP server via an arbitrary certificate, a different vulnerability than CVE-2009-3766. <p><strong>Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?</strong></p> <p>One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See <a href="https://www.microsoft.com/en-us/msrc/blog/2025/10/toward-greater-transparency-machine-readable-vulnerability-exploitability-xchange-for-azure-linux">this blog</a> post for more information. If impact to additional products is identified, we will update the CVE to reflect this.</p> Mariner mitre Yes CVE-2011-1429 18316-16823 18316-16823 Moderate 18316-16823 CBL-Mariner Releases 18316-16823 No Security Update 2.2.12-1 https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade 18316-16823 CBL-Mariner Releases 1.0 2025-10-01T23:10:51 <p>Information published.</p>