Security update for glibc
SUSE Security Update: Security update for glibc
Announcement ID: SUSE-SU-2013:1287-1
Rating: moderate
References: #661460 #676178 #691365 #732110 #735850 #743689 #747768 #753756 #760216 #770891 #774467 #775690 #783196 #796982 #805899 #813121 #818630 #828637
Affected Products:
An update that solves 6 vulnerabilities and has 12 fixes is now available.
Description:
This collective update for the GNU C library (glibc)
provides the following fixes and enhancements:
Security issues fixed:
- Fix stack overflow in getaddrinfo with many results. (bnc#813121, CVE-2013-1914)
- Fixed another stack overflow in getaddrinfo with many results. (bnc#828637)
- Fix buffer overflow in glob. (bnc#691365, CVE-2010-4756)
- Fix array overflow in floating point parser. (bnc#775690, CVE-2012-3480)
- Fix strtod integer/buffer overflows. (bnc#775690, CVE-2012-3480)
- Make addmntent return errors also for cached streams. (bnc#676178, CVE-2011-1089)
- Fix overflows in vfprintf. (bnc#770891, CVE-2012-3406)
- Add vfprintf-nargs.diff for possible format string overflow. (bnc#747768, CVE-2012-0864)
- Check values from file header in __tzfile_read. (bnc#735850, CVE-2009-5029)
Also several bugs were fixed:
- Fix locking in _IO_cleanup. (bnc#796982)
- Fix memory leak in execve. (bnc#805899)
- Fix nscd timestamps in logging. (bnc#783196)
- Fix perl script error message. (bnc#774467)
- Fall back to localhost if no nameserver defined. (bnc#818630)
- Fix incomplete results from nscd. (bnc#753756)
- Fix a deadlock in dlsym in case the symbol isn't found, for multithreaded programs. (bnc#760216)
- Fix problem with TLS and dlopen. (bnc#732110)
- Backported regex fix for skipping of valid EUC-JP matches. (bnc#743689)
- Fixed false regex match on incomplete chars in EUC-JP. (bnc#743689)
- Add glibc-pmap-timeout.diff in order to fix useless connection attempts to NFS servers. (bnc#661460)
Security Issues:
* CVE-2009-5029
* CVE-2010-4756
* CVE-2011-1089
* CVE-2012-0864
* CVE-2012-3480
* CVE-2013-1914
Package List:
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 i686 s390x x86_64):
  - glibc-2.4-31.77.102.1
  - glibc-devel-2.4-31.77.102.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):
  - glibc-html-2.4-31.77.102.1
  - glibc-i18ndata-2.4-31.77.102.1
  - glibc-info-2.4-31.77.102.1
  - glibc-locale-2.4-31.77.102.1
  - glibc-profile-2.4-31.77.102.1
  - nscd-2.4-31.77.102.1
- SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):
  - glibc-32bit-2.4-31.77.102.1
  - glibc-devel-32bit-2.4-31.77.102.1
  - glibc-locale-32bit-2.4-31.77.102.1
  - glibc-profile-32bit-2.4-31.77.102.1
References:
- http://support.novell.com/security/cve/CVE-2009-5029.html
- http://support.novell.com/security/cve/CVE-2010-4756.html
- http://support.novell.com/security/cve/CVE-2011-1089.html
- http://support.novell.com/security/cve/CVE-2012-0864.html
- http://support.novell.com/security/cve/CVE-2012-3480.html
- http://support.novell.com/security/cve/CVE-2013-1914.html
- https://bugzilla.novell.com/661460
- https://bugzilla.novell.com/676178
- https://bugzilla.novell.com/691365
- https://bugzilla.novell.com/732110
- https://bugzilla.novell.com/735850
- https://bugzilla.novell.com/743689
- https://bugzilla.novell.com/747768
- https://bugzilla.novell.com/753756
- https://bugzilla.novell.com/760216
- https://bugzilla.novell.com/770891
- https://bugzilla.novell.com/774467
- https://bugzilla.novell.com/775690
- https://bugzilla.novell.com/783196
- https://bugzilla.novell.com/796982
- https://bugzilla.novell.com/805899
- https://bugzilla.novell.com/813121
- https://bugzilla.novell.com/818630
- https://bugzilla.novell.com/828637
- http://download.suse.com/patch/finder/?keywords=17c15337eaf4f28f28cdc9f9d3d731ec