Security update for glibc

SUSE Security Update: Security update for glibc

Announcement ID:	SUSE-SU-2015:0170-1
Rating:	moderate
References:	#844309 #882600 #894553 #894556
Affected Products:	SUSE Linux Enterprise Server 10 SP4 LTSS

An update that solves three vulnerabilities and has one errata is now available.

Description:

glibc has been updated to fix security issues:

* Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
CVE-2012-6656, bsc#894553, bsc#894556, GLIBC BZ #17325, GLIBC BZ
#14134)
* Fixed a stack overflow during hosts parsing (CVE-2013-4357)
* Copy filename argument in posix_spawn_file_actions_addopen
(CVE-2014-4043, bsc#882600, BZ #17048)

Security Issues:

* CVE-2014-6040

* CVE-2012-6656

* CVE-2013-4357

Package List:

SUSE Linux Enterprise Server 10 SP4 LTSS (i586 i686 s390x x86_64):
- glibc-2.4-31.115.2
- glibc-devel-2.4-31.115.2
SUSE Linux Enterprise Server 10 SP4 LTSS (i586 s390x x86_64):
- glibc-html-2.4-31.115.2
- glibc-i18ndata-2.4-31.115.2
- glibc-info-2.4-31.115.2
- glibc-locale-2.4-31.115.2
- glibc-profile-2.4-31.115.2
- nscd-2.4-31.115.2
SUSE Linux Enterprise Server 10 SP4 LTSS (s390x x86_64):
- glibc-32bit-2.4-31.115.2
- glibc-devel-32bit-2.4-31.115.2
- glibc-locale-32bit-2.4-31.115.2
- glibc-profile-32bit-2.4-31.115.2

References:

http://support.novell.com/security/cve/CVE-2012-6656.html
http://support.novell.com/security/cve/CVE-2013-4357.html
http://support.novell.com/security/cve/CVE-2014-6040.html
https://bugzilla.suse.com/show_bug.cgi?id=844309
https://bugzilla.suse.com/show_bug.cgi?id=882600
https://bugzilla.suse.com/show_bug.cgi?id=894553
https://bugzilla.suse.com/show_bug.cgi?id=894556
http://download.suse.com/patch/finder/?keywords=1ccbe69cba5cc8835258525263c85657