[Oraclevm-errata] OVMSA-2014-0017 Important: Oracle VM 3.3 glibc security update
Errata Announcements for Oracle VM
oraclevm-errata at oss.oracle.com
Wed Sep 3 11:40:14 PDT 2014
Oracle VM Security Advisory OVMSA-2014-0017
The following updated rpms for Oracle VM 3.3 have been uploaded to the
Unbreakable Linux Network:
x86_64:
glibc-2.12-1.132.el6_5.4.i686.rpm
glibc-2.12-1.132.el6_5.4.x86_64.rpm
glibc-common-2.12-1.132.el6_5.4.x86_64.rpm
nscd-2.12-1.132.el6_5.4.x86_64.rpm
SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/glibc-2.12-1.132.el6_5.4.src.rpm
Description of changes:
[2.12-1.132.4]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names
(CVE-2014-0475,
[2.12-1.132.3]
- Don't use alloca in addgetnetgrentX (#1087789).
- Adjust pointers to triplets in netgroup query data (#1087789).
[2.12-1.132.2]
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098050).
[2.12-1.132.1]
- Fix race in free() of fastbin chunk (#1091162).
[2.12-1.132]
- Revert the addition of gettimeofday vDSO function for ppc and ppc64 until
OPD VDSO function call issues are resolved (#1026533).
[2.12-1.131]
- Call gethostbyname4_r only for PF_UNSPEC (#1022022).
[2.12-1.130]
- Fix integer overflows in *valloc and memalign. (#1008310).
[2.12-1.129]
- Initialize res_hconf in nscd (#970090).
[2.12-1.128]
- Update previous patch for dcigettext.c and loadmsgcat.c (#834386).
[2.12-1.127]
- Save search paths before performing relro protection (#988931).
[2.12-1.126]
- Correctly name the 240-bit slow path systemtap probe slowpow_p10 for
slowpow (#905575).
[2.12-1.125]
- Align value of stacksize in nptl-init (#663641).
[2.12-1.124]
- Renamed release engineering directory from 'fedora' to `releng' (#903754).
[2.12-1.123]
- Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc
(#929302).
- Fall back to local DNS if resolv.conf does not define nameservers
(#928318).
- Add systemtap probes to slowexp and slowpow (#905575).
[2.12-1.122]
- Fix getaddrinfo stack overflow resulting in application crash
(CVE-2013-1914, #951213).
- Fix multibyte character processing crash in regexp (CVE-2013-0242,
#951213).
[2.12-1.121]
- Add netgroup cache support for nscd (#629823).
[2.12-1.120]
- Fix multiple nss_compat initgroups() bugs (#966778).
- Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384).
[2.12-1.119]
- Add MAP_HUGETLB and MAP_STACK support (#916986).
- Update translation for stale file handle error (#970776).
[2.12-1.118]
- Improve performance of _SC_NPROCESSORS_ONLN (#rh952422).
- Fix up _init in pt-initfini to accept arguments (#663641).
[2.12-1.117]
- Set reasonable limits on xdr requests to prevent memory leaks (#848748).
[2.12-1.116]
- Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars
(#552960).
- New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size
(#663641).
[2.12-1.115]
- Improved handling of recursive calls in backtrace (#868808).
[2.12-1.114]
- The ttyname and ttyname_r functions on Linux now fall back to searching for
the tty file descriptor in /dev/pts or /dev if /proc is not available. This
allows creation of chroots without the procfs mounted on /proc. (#851470)
[2.12-1.113]
- Don't free rpath strings allocated during startup until after
ld.so is re-relocated. (#862094)
[2.12-1.112]
- Consistently MANGLE/DEMANGLE function pointers.
Fix use after free in dcigettext.c (#834386).
[2.12-1.111]
- Change rounding mode only when necessary (#966775).
[2.12-1.110]
- Backport of code to allow incremental loading of library list (#886968).
[2.12-1.109]
- Fix loading of audit libraries when TLS is in use (#919562)
[2.12-1.108]
- Fix application of SIMD FP exception mask (#929388).