[SECURITY] Fedora 19 Update: glibc-2.17-14.fc19

updates at fedoraproject.org updates at fedoraproject.org
Tue Aug 27 23:29:45 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-15316
2013-08-26 21:10:42
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 19
Version     : 2.17
Release     : 14.fc19
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

systemd is now required during build so that installing or updating nscd does not result in any warnings.  rtkaio bits are now tested correctly.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Aug 26 2013 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.17-14
- Add systemd to BuildRequires (#999924).
- Expand sizes of some types in strcoll (#855399, CVE-2012-4424).
- Remove non-ELF support in rtkaio.
- Avoid inlining of cleanup function for kaio_suspend.
- Fix tst-aiod2 and tst-aiod3 test failures (#970865).
* Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.17-13
- Fix stack overflow in getaddrinfo with many results (#947892, CVE-2013-1914).
* Mon Aug 19 2013 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.17-12
- Disable pt_chown (#984829, CVE-2013-2207).
- Fix strcoll flaws (#855399, CVE-2012-4412, CVE-2012-4424).
- Fix buffer overflow in readdir_r (#995841, CVE-2013-4237).
* Tue Jun 25 2013 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.17-11
- Fix libm performance regression due to set/restore rounding mode (#977887).
* Tue Jun 25 2013 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.17-10
- Preserve errno across _PC_CHOWN_RESTRICTED call on XFS (#977870).
  - Remove PIPE_BUF Linux-specific code (#977872).
  - Fix FPE in memusagestat when malloc utilization is zero (#977874).
  - Accept leading and trailing spaces in getdate input string (#977875).
* Thu Jun 20 2013 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.17-9
- Set EAI_SYSTEM only when h_errno is NETDB_INTERNAL (#958652).
* Tue Jun  4 2013 Jeff Law <law at redhat.com> - 2.17-8
- Fix ESTALE error message (#966259)
* Sun May  5 2013 Patsy Franklin <pfrankli at redhat.com> - 2.17-7
- Fix _nl_find_msg malloc failure case, and callers. (#959034).
* Tue Apr 30 2013 Patsy Franklin <pfrankli at redhat.com> - 2.17-6
- Test init_fct for NULL, not result->__init_fct, after demangling (#952799).
* Tue Apr 23 2013 Patsy Franklin <pfrankli at redhat.com> - 2.17-5
- Increase limits on xdr name and record requests (#892777).
  - Consistently MANGLE/DEMANGLE init_fct, end_fct and btow_fct (#952799).
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #999924 - Non-fatal POSTIN scriptlet failure in rpm package nscd-2.17-13.fc19.x86_64
        https://bugzilla.redhat.com/show_bug.cgi?id=999924
  [ 2 ] Bug #855399 - CVE-2012-4412 CVE-2012-4424 glibc: strcoll() various flaws [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=855399
  [ 3 ] Bug #970865 - Testsuite failure: tst-aiod2.c and tst-aiod3.c build failure
        https://bugzilla.redhat.com/show_bug.cgi?id=970865
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list