[SECURITY] Fedora 23 Update: glibc-2.22-15.fc23

updates at fedoraproject.org updates at fedoraproject.org
Tue May 10 18:01:37 UTC 2016


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2016-68abc0be35
2016-05-10 11:45:44.966689
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 23
Version     : 2.22
Release     : 15.fc23
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234,
CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes
for bugs encountered by Fedora users.
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #1316972 - glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses
        https://bugzilla.redhat.com/show_bug.cgi?id=1316972
  [ 2 ] Bug #1321861 - glibc: "getent group" listing using nss_db fails when entries are long
        https://bugzilla.redhat.com/show_bug.cgi?id=1321861
  [ 3 ] Bug #1313404 - Test suite failure: elf/tst-audit10 and elf/tst-audit4
        https://bugzilla.redhat.com/show_bug.cgi?id=1313404
  [ 4 ] Bug #1332914 - glibc: Backport nss_dns hardening patches
        https://bugzilla.redhat.com/show_bug.cgi?id=1332914
  [ 5 ] Bug #1321954 - CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1321954
  [ 6 ] Bug #1332912 - glibc: nss_hesiod: Heap overflow in get_txt_records
        https://bugzilla.redhat.com/show_bug.cgi?id=1332912
  [ 7 ] Bug #1333940 - glibc: Avoid build failure in TZ tests
        https://bugzilla.redhat.com/show_bug.cgi?id=1333940
  [ 8 ] Bug #1332917 - glibc: Deadlock between fflush, getdelim, and fork
        https://bugzilla.redhat.com/show_bug.cgi?id=1332917
  [ 9 ] Bug #1333945 - glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a non-existent symbol
        https://bugzilla.redhat.com/show_bug.cgi?id=1333945
  [ 10 ] Bug #1315648 - CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1315648
  [ 11 ] Bug #1333901 - glibc: getnameinfo: fix memory leak and incorrect truncation checks
        https://bugzilla.redhat.com/show_bug.cgi?id=1333901
  [ 12 ] Bug #1288740 - glibc: tst-makecontext fails on armhfp
        https://bugzilla.redhat.com/show_bug.cgi?id=1288740
  [ 13 ] Bug #1307234 - strfmon_l does not group digits.
        https://bugzilla.redhat.com/show_bug.cgi?id=1307234
  [ 14 ] Bug #1300304 - CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1300304
  [ 15 ] Bug #1300300 - CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1300300
  [ 16 ] Bug #1293139 - Invalid memory access in getmntent_r()
        https://bugzilla.redhat.com/show_bug.cgi?id=1293139
  [ 17 ] Bug #1300311 - CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1300311
  [ 18 ] Bug #1300314 - CVE-2015-8779 glibc: Unbounded stack allocation in catopen function [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1300314
  [ 19 ] Bug #1321372 - Incorrect first day of the week for es_CL locale
        https://bugzilla.redhat.com/show_bug.cgi?id=1321372
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------


More information about the package-announce mailing list