After six months in development, the GNU Project quietly dropped version 2.42 of the GNU C Library (glibc), a standard C library that provides the core interface between user programs and the Linux kernel.
The new release doubles down on support for the emerging ISO C23 standard. Brand‑new math helpers—think compoundn, pown, powr, rootn, and the quick‑and‑dirty rsqrt family—landed in <math.h>, together with matching type‑generic macros in <tgmath.h>.
On top of that, the ISO C2Y unsigned abs functions (uabs, ulabs, etc.) make their debut, rounding out the library’s numerical toolkit.
On the performance front, malloc’s thread-local cache (tcache) gets a major boost. It now supports caching of large blocks (up to 4MB) and speeds up small allocations. System builders can tweak this via the new “glibc.malloc.tcache_max” tunable.
Plus, there’s also a pragmatic new pthread_gettid_np helper for grabbing the kernel thread ID without dipping into fragile, platform‑specific syscalls.
Another headline feature is SFrame support. When glibc is built with the --enable-sframe switch (and when paired with Binutils ≥ 2.45), programs gain a lightweight way to record stack‑unwind metadata that’s both compact and debugger‑friendly.
Architecturally, the library now auto‑detects Intel’s upcoming Arrow Lake, Panther Lake, Clearwater Forest, and Diamond Rapids CPUs, plus IBM’s freshly announced z17 mainframes.
Lastly, glibc 2.42 patches four publicly tracked CVEs, including a buffer overflow in assert() message handling (CVE‑2025‑0395) and a pair of Power10 vector‑register clobbering bugs that could produce wildly incorrect strcmp/strncmp results under certain calling conventions (CVE‑2025‑5702 and ‑5745). There’s also a double‑free fix in the POSIX regex engine (CVE‑2025‑8058).
For your peace of mind, we must say that none of these vulnerabilities appear to have active exploits in the wild right now, but patched packages should still move through testing repos without delay.
For more information, see the announcement. The release notes are here.
