B.27.3. RHBA-2011:1180 — glibc bug fix update

Under certain circumstances, a threaded process could have been granted incomplete group membership of the user who was running the process. This was caused by glibc using its default method for group membership determination, which led to the situation where multiple threads interfered with each other while attempting to retrieve the information simultaneously. Due to the nature of the group membership determination method used, each thread ended up with a different subset of the entire result set. With this update, the group membership determination method has been modified to precede this interference.

When a process corrupted its heap, the malloc() function could have entered a deadlock situation while building up an error message string. This caused the process unresponsive. With this update, the code has been modified to use the mmap() function to allocate memory for the error message. This workaround ensures that malloc() deadlock no longer occurs when allocating memory for an error message when the corrupted process heap is detected, and such a process is now normally aborted.

Previously, nscd did not take into consideration time-to-live (TTL) parameters for the DNS records it was caching. With this update, the code has been modified so that nscd now respects TTL parameters when it answers requests for DNS records.