
1.72. glibc

1.72.1. RHSA-2010:0872: Important security and bug fix update

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847)
It was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects (DSOs) to provide callbacks for its auditing API during the execution of privileged programs. A local attacker could use this flaw to escalate their privileges via a carefully-chosen system DSO library containing unsafe constructors. (CVE-2010-3856)
Red Hat would like to thank Tavis Ormandy for reporting the CVE-2010-3847 issue, and Ben Hawkes and Tavis Ormandy for reporting the CVE-2010-3856 issue.
This update also fixes the following bugs:
  • Previously, the generic implementation of the strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected. (BZ#643341)
  • The "TCB_ALIGNMENT" value has been increased to 32 bytes to prevent applications from crashing during symbol resolution on 64-bit systems with support for Intel AVX vector registers. (BZ#643343)
All users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.

1.72.2. RHSA-2011:0413: Important security update

Updated glibc packages that fix three security issues are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
The fix for CVE-2010-3847 introduced a regression in the way the dynamic loader expanded the $ORIGIN dynamic string token specified in the RPATH and RUNPATH entries in the ELF library header. A local attacker could use this flaw to escalate their privileges via a setuid or setgid program using such a library. (CVE-2011-0536)
It was discovered that the glibc fnmatch() function did not properly restrict the use of alloca(). If the function was called on sufficiently large inputs, it could cause an application using fnmatch() to crash or, possibly, execute arbitrary code with the privileges of the application. (CVE-2011-1071)
It was discovered that the locale command did not produce properly escaped output as required by the POSIX specification. If an attacker were able to set the locale environment variables in the environment of a script that performed shell evaluation on the output of the locale command, and that script were run with different privileges than the attacker's, it could execute arbitrary code with the privileges of the script. (CVE-2011-1095)
All users should upgrade to these updated packages, which contain backported patches to correct these issues.
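For callers that pass untrusted patterns or strings to fnmatch() (CVE-2011-1071 above), a length cap applied before the call keeps oversized inputs away from the library on systems that are not yet patched. This is an added example, not code from the advisory or from glibc; the names bounded_fnmatch, make_run, MAX_FNMATCH_INPUT and BOUNDED_FNM_REJECTED and the 4096-byte limit are assumptions.

```c
#define _POSIX_C_SOURCE 200809L  /* for strnlen() */
#include <fnmatch.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limit (not from the advisory): longest pattern or
 * string, in bytes, that untrusted callers may hand to fnmatch(). */
#define MAX_FNMATCH_INPUT 4096

/* Returned when an input is rejected; chosen so it cannot be confused
 * with 0 (match) or FNM_NOMATCH. */
#define BOUNDED_FNM_REJECTED INT_MIN

/* Hypothetical wrapper: refuse oversized inputs before fnmatch() sees them. */
int bounded_fnmatch(const char *pattern, const char *string, int flags)
{
    if (pattern == NULL || string == NULL)
        return BOUNDED_FNM_REJECTED;
    /* strnlen() stops at the limit, so a huge input is not scanned fully. */
    if (strnlen(pattern, MAX_FNMATCH_INPUT + 1) > MAX_FNMATCH_INPUT ||
        strnlen(string, MAX_FNMATCH_INPUT + 1) > MAX_FNMATCH_INPUT)
        return BOUNDED_FNM_REJECTED;
    return fnmatch(pattern, string, flags);
}

/* Constructed input: a string of n 'a' characters; the caller frees it. */
char *make_run(size_t n)
{
    char *s = malloc(n + 1);
    if (s == NULL)
        return NULL;
    memset(s, 'a', n);
    s[n] = '\0';
    return s;
}

int main(void)
{
    char *big = make_run(MAX_FNMATCH_INPUT + 1);
    if (big == NULL) return 1;
    printf("normal match: %d\n", bounded_fnmatch("*.conf", "sshd.conf", 0));
    printf("no match:     %d\n", bounded_fnmatch("*.conf", "sshd.log", 0));
    printf("oversized:    %s\n", bounded_fnmatch("*", big, 0) ==
           BOUNDED_FNM_REJECTED ? "rejected" : "passed to fnmatch");
    free(big);
    return 0;
}
```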

1.72.3. RHBA-2011:0321: bug fix update

Updated glibc packages that fix a bug in the dynamic linker are now available for Red Hat Enterprise Linux 6.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
This update fixes the following bug:
  • Due to an error in glibc libraries, a race condition could occur when traversing a list of currently loaded shared libraries, causing an application to terminate with an error. This error has been fixed, the race condition no longer occurs, and the list of shared libraries can now be traversed as expected. (BZ#661396)
All users are advised to upgrade to these updated packages, which resolve this issue.

1.72.4. RHBA-2011:0584: bug fix and enhancement update

Updated glibc packages that fix numerous bugs and add various enhancements are now available for Red Hat Enterprise Linux 6.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.
Bug fixes:
BZ#646954
Due to an error in glibc libraries, a race condition could occur when traversing a list of currently loaded shared libraries, causing an application to terminate with an error. This error has been fixed, the race condition no longer occurs, and the list of shared libraries can now be traversed as expected.
BZ#642584
On 64-bit x86 systems with support for AVX vector registers, an insufficient alignment of the thread descriptor could cause an application to crash during symbol resolution. With this update, the "TCB_ALIGNMENT" value has been increased to 32 bytes, and applications no longer crash.
BZ#641128
Previously, the generic implementation of the strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected.
BZ#656530
The long double square root function, sqrtl, sometimes returned an incorrect result if the relative magnitude difference between the high and low halves of the long double exceeded a certain number. This occurred because one of the variables used in the calculation was an unsigned integer. The integer is now signed and the function works correctly.
BZ#623187
The futex(FUTEX_WAKE_OP) call did not fall back to futex(FUTEX_WAKE) when FUTEX_WAKE_OP was not supported by the kernel, so the call always failed on these systems. The code change in glibc pthread_cond_signal() that caused this issue has now been corrected.
BZ#661982
The memmove, wmemmove and wmemset operations contained incorrect "__restrict" qualifiers, even though their arguments could overlap. This issue has now been corrected.
BZ#656014
The name service cache daemon (nscd) cached the results of lookups for DNS records even when the DNS records had a time-to-live of 0. nscd now respects DNS time-to-live values, and does not cache the results in this situation.
BZ#653905
Attempting to build the glibc RPM failed when %_enable_debug_packages was either not set, or set to 0. This has been corrected so that debug packages need not be set or enabled in order to build the glibc RPM.
BZ#652661
An uninitialized variable prevented glibc from compiling with the G++ compiler when "sys/timex.h" was included. This has been corrected.
BZ#647448
strchr did not handle its second parameter correctly when %rdi was aligned to a 16-byte boundary and glibc was enabled for multiple architectures on AMD64 or Intel 64 systems with CPUs that supported Supplemental Streaming SIMD Extension (SSE) 4.2. The function therefore returned incorrect results. This has been corrected, and strchr now gives the expected output.
BZ#615701
glibc did not load nosegneg libraries in a 32-bit Xen domain U environment when hwcap 1 nosegneg was set in /etc/ld.so.conf.d/nosegneg.conf, causing the incorrect library to be used. This has been corrected so that the nosegneg libraries are loaded.
BZ#692177
Previously, sysconf(_SC_*CACHE) calls returned 0 for all caches on systems with Intel Xeon processors. This occurred because glibc used cpuid leaf 2 rather than cpuid leaf 4. This update uses cpuid leaf 4 where possible, resolving this issue.
BZ#689471
The strncmp function failed with a segmentation fault when used with Supplemental Streaming SIMD Extension 4 (SSE4). Several checks have been implemented to prevent this.
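The strstr()/memmem() false-positive fix (BZ#641128 above, BZ#643341 in RHSA-2010:0872) can be checked on an installed glibc with a differential test against an obviously correct reference search. This is an added example, not Red Hat's or glibc's own test; it covers strstr() only, and the period units, lengths and function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Reference search: first offset of needle in hay, or -1 (quadratic). */
static long naive_find(const char *hay, const char *needle)
{
    size_t hl = strlen(hay), nl = strlen(needle);
    for (size_t i = 0; i + nl <= hl; i++)
        if (memcmp(hay + i, needle, nl) == 0)
            return (long)i;
    return -1;
}

/* Fill buf with len bytes of unit repeated, then NUL-terminate. */
static void fill_periodic(char *buf, size_t len, const char *unit)
{
    size_t ul = strlen(unit);
    for (size_t i = 0; i < len; i++)
        buf[i] = unit[i % ul];
    buf[len] = '\0';
}

/* Constructed test set: periodic needles searched in haystacks of the same
 * period with one byte changed, at many positions in turn.
 * Returns the number of cases where strstr() and the reference disagree. */
int count_strstr_mismatches(void)
{
    static const char *units[] = { "a", "ab", "aab", "abac", "aabab" };
    char needle[129], hay[513];
    int bad = 0;
    for (size_t u = 0; u < sizeof units / sizeof units[0]; u++)
        for (size_t nl = 8; nl <= 128; nl *= 2) {
            fill_periodic(needle, nl, units[u]);
            for (size_t flip = 0; flip < 512; flip += 3) {
                fill_periodic(hay, 512, units[u]);
                hay[flip] = 'z';   /* break the period at one position */
                const char *p = strstr(hay, needle);
                long got = p ? (long)(p - hay) : -1;
                if (got != naive_find(hay, needle))
                    bad++;
            }
        }
    return bad;
}

int main(void)
{
    int bad = count_strstr_mismatches();
    printf("strstr mismatches against reference: %d\n", bad);
    return bad != 0;
}
```

A non-zero count means the installed strstr() disagrees with the reference on at least one periodic input.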
Enhancements:
BZ#601686
Several aspects of glibc code have been optimized for Supplemental Streaming SIMD Extension (SSE), including memcpy(), strcasecmp(), strnlen(), strcasestr() and strncasestr().
BZ#615090
Details about the MALLOC_PERTURB_ (M_PERTURB) operation, which can be used to debug the use of uninitialized or freed heap memory, have been added to the documentation.
BZ#676076
Support for forthcoming AMD processors has been added to glibc's memset operation.
All users of glibc are advised to upgrade to these updated packages, which resolve these issues.