[SECURITY] Fedora 20 Update: glibc-2.18-19.fc20
updates at fedoraproject.org
updates at fedoraproject.org
Wed Mar 4 10:25:31 UTC 2015
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2015-2845
2015-02-28 06:50:52
--------------------------------------------------------------------------------
Name : glibc
Product : Fedora 20
Version : 2.18
Release : 19.fc20
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
--------------------------------------------------------------------------------
Update Information:
- Fix CVE-2014-6040: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
- Fix CVE-2014-7817: command execution in wordexp() with WRDE_NOCMD specified
--------------------------------------------------------------------------------
ChangeLog:
* Fri Feb 27 2015 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-19
- wordexp fails to honour WRDE_NOCMD (CVE-2014-7817, #1167569).
* Mon Feb 23 2015 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-18
- Crashes on invalid input in IBM gconv modules (CVE-2014-6040, #1135842).
* Wed Oct 1 2014 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-17
- Fix lll_unlock twice in pthread_cond_broadcast (#1104400).
* Fri Sep 26 2014 Carlos O'Donell <carlos at redhat.com> - 2.18-16
- Disable lock elision support for Intel hardware until microcode
updates can be done in early bootup (#1146967).
* Tue Aug 26 2014 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-15
- Fix failing tst-setlocale3 (#rh1118581).
* Tue Aug 26 2014 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-14
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
* Thu Feb 6 2014 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-13
- Add pointer mangling support for ARM (#1019452).
* Thu Jan 23 2014 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.18-12
- Use first name entry for address in /etc/hosts as the canonical name
in getaddrinfo (#1047979).
- Fix parsing of 0e+0 as float (#1055613).
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #1157689 - CVE-2014-7817 glibc: command execution in wordexp() with WRDE_NOCMD specified
https://bugzilla.redhat.com/show_bug.cgi?id=1157689
[ 2 ] Bug #1135841 - CVE-2014-6040 glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
https://bugzilla.redhat.com/show_bug.cgi?id=1135841
--------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the package-announce
mailing list