4.33. glibc
Updated glibc packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Bug Fixes
- BZ#706571
- The library uses the compat_call() function which in turn uses the getgrent_r() function which is reentrant safe, but not thread safe. As a result, if multiple threads call getgrent_r() using compat_call(), they may race against each other, resulting in some groups not being properly reported. With this update, locking was added to the compat_call() function to prevent multiple threads from racing. All groups are now properly reported.
- BZ#816647
- A library security mechanism failed to correctly run the initialization function of dynamically-loaded character conversion routines. Consequently, glibc could sometimes terminate unexpectedly with a segmentation fault when attempting to use one dynamically-loaded character conversion routine. The library security mechanism has been fixed to correctly run the initialization function. After this update, the aforementioned problem no longer occurs in this situation.
- BZ#835828
- Various bugs in the wide character version of the fseek() function resulted in the internal FILE offset field being set incorrectly in wide character streams. As a result, the offset returned by the ftell() function was incorrect, and sometimes, data could be overwritten. The ftell() function was fixed to correctly set the internal FILE offset field for wide characters. The ftell() and fseek() functions now handle offsets for wide characters correctly.
- BZ#861871
- A fix to prevent logic errors in various mathematical functions, including exp(), exp2(), expf(), exp2f(), pow(), sin(), tan(), and rint(), caused by inconsistent results when the functions were used with the non-default rounding mode, creates performance regressions for certain inputs. The performance regressions have been analyzed and the core routines have been optimized to improve performance.
- BZ#929035
- A defect in the nscd daemon caused it to cache results for DNS entries with a TTL value of zero. This caused DNS lookups to return stale results. The nscd daemon has been fixed to correctly respect DNS TTL entries of zero. The nscd daemon no longer cache DNS entries with a TTL of zero and lookups for those entries return the correct and current results.
- BZ#957089
- A defect in the library localization routines resulted in unexpected termination of the application in low-memory conditions. The affected routines have been fixed to correctly detect and report errors when a low-memory condition prevents their correct operation. Applications running under low-memory conditions no longer terminate unexpectedly while calling localization routines.
Users of glibc are advised to upgrade to these updated packages, which fix these bugs.
Updated glibc packages that fix three bugs are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, a Linux system cannot function correctly.
Bug Fixes
- BZ#962903
- A bug in the nscd daemon caused it to cache results for DNS entries with a TTL value of zero. Consequently, DNS lookups returned stale results. The nscd daemon has been fixed to correctly respect DNS TTL entries of zero. Now, nscd no longer caches DNS entries with a TTL of zero and lookups for those entries return correct and current results.
- BZ#963812
- Previously, a library-security mechanism failed to correctly run the initialization functions of dynamically loaded character-conversion routines. This could lead to an unexpected termination with a segmentation fault when trying to use such a routine. With this update, the library-security mechanism has been fixed to correctly run the initialization functions and the character-conversion routines no longer cause crashes.
- BZ#963813
- Due to a bug in the library-localization routines, applications could terminate unexpectedly in low-memory conditions. The affected routines have been fixed to correctly detect and report errors in the event of a low-memory condition preventing their correct operation. As a result, applications running under low-memory conditions no longer crash while calling localization routines.
Users of glibc are advised to upgrade to these updated packages, which fix these bugs.
Updated glibc packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Bug Fix
- BZ#924825
- The C library security mechanism was unable to handle dynamically loaded character conversion routines when loaded at specific virtual addresses. This resulted in an unexpected termination with a segmentation fault when trying to use the dynamically loaded character conversion routine. This update enhances the C library security mechanism to handle dynamically loaded character conversion routines at any virtual memory address and the crashes no longer occur in the described scenario.
Users of glibc are advised to upgrade to these updated packages, which fix this bug.
Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.
Security Fixes
- CVE-2013-1914
- It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
- CVE-2013-0242
- A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.
Bug Fixes
- BZ#950535
- The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993 for further information.
- BZ#951493
- It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.
Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.