[El-errata] ELSA-2013-1605 Moderate: Oracle Linux 6 glibc security, bug fix, and enhancement update

Errata Announcements for Oracle Linux el-errata at oss.oracle.com
Tue Nov 26 06:35:35 PST 2013


Oracle Linux Security Advisory ELSA-2013-1605

https://rhn.redhat.com/errata/RHSA-2013-1605.html

The following updated rpms for Oracle Linux 6 have been uploaded to the 
Unbreakable Linux Network:

i386:
glibc-2.12-1.132.el6.i686.rpm
glibc-common-2.12-1.132.el6.i686.rpm
glibc-devel-2.12-1.132.el6.i686.rpm
glibc-headers-2.12-1.132.el6.i686.rpm
glibc-static-2.12-1.132.el6.i686.rpm
glibc-utils-2.12-1.132.el6.i686.rpm
nscd-2.12-1.132.el6.i686.rpm

x86_64:
glibc-2.12-1.132.el6.i686.rpm
glibc-2.12-1.132.el6.x86_64.rpm
glibc-common-2.12-1.132.el6.x86_64.rpm
glibc-devel-2.12-1.132.el6.i686.rpm
glibc-devel-2.12-1.132.el6.x86_64.rpm
glibc-headers-2.12-1.132.el6.x86_64.rpm
glibc-static-2.12-1.132.el6.i686.rpm
glibc-static-2.12-1.132.el6.x86_64.rpm
glibc-utils-2.12-1.132.el6.x86_64.rpm
nscd-2.12-1.132.el6.x86_64.rpm


SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/glibc-2.12-1.132.el6.src.rpm



Description of changes:

[2.12-1.132]
- Revert the addition of gettimeofday vDSO function for ppc and ppc64 until
   OPD VDSO function call issues are resolved (#1026533).

[2.12-1.131]
- Call gethostbyname4_r only for PF_UNSPEC (#1022022).

[2.12-1.130]
- Fix integer overflows in *valloc and memalign. (#1008310).

[2.12-1.129]
- Initialize res_hconf in nscd (#970090).

[2.12-1.128]
- Update previous patch for dcigettext.c and loadmsgcat.c (#834386).

[2.12-1.127]
- Save search paths before performing relro protection (#988931).

[2.12-1.126]
- Correctly name the 240-bit slow path sytemtap probe slowpow_p10 for 
slowpow (#905575).

[2.12-1.125]
- Align value of stacksize in nptl-init (#663641).

[2.12-1.124]
- Renamed release engineering directory from 'fedora' to `releng' (#903754).

[2.12-1.123]
- Backport GLIBC sched_getcpu and gettimeofday vDSO functions for ppc 
(#929302).
- Fall back to local DNS if resolv.conf does not define nameservers 
(#928318).
- Add systemtap probes to slowexp and slowpow (#905575).

[2.12-1.122]
- Fix getaddrinfo stack overflow resulting in application crash 
(CVE-2013-1914, #951213).
- Fix multibyte character processing crash in regexp (CVE-2013-0242, 
#951213).

[2.12-1.121]
- Add netgroup cache support for nscd (#629823).

[2.12-1.120]
- Fix multiple nss_compat initgroups() bugs (#966778).
- Don't use simple lookup for AF_INET when AI_CANONNAME is set (#863384).

[2.12-1.119]
- Add MAP_HUGETLB and MAP_STACK support (#916986).
- Update translation for stale file handle error (#970776).

[2.12-1.118]
- Improve performance of _SC_NPROCESSORS_ONLN (#rh952422).
- Fix up _init in pt-initfini to accept arguments (#663641).

[2.12-1.117]
- Set reasonable limits on xdr requests to prevent memory leaks (#848748).

[2.12-1.116]
- Fix mutex locking for PI mutexes on spurious wake-ups on pthread condvars
   (#552960).
- New environment variable GLIBC_PTHREAD_STACKSIZE to set thread stack size
   (#663641).

[2.12-1.115]
- Improved handling of recursive calls in backtrace (#868808).

[2.12-1.114]
- The ttyname and ttyname_r functions on Linux now fall back to 
searching for
   the tty file descriptor in /dev/pts or /dev if /proc is not 
available.  This
   allows creation of chroots without the procfs mounted on /proc. 
(#851470)

[2.12-1.113]
- Don't free rpath strings allocated during startup until after
   ld.so is re-relocated. (#862094)

[2.12-1.112]
- Consistantly MANGLE/DEMANGLE function pointers.
   Fix use after free in dcigettext.c (#834386).

[2.12-1.111]
- Change rounding mode only when necessary (#966775).

[2.12-1.110]
- Backport of code to allow incremental loading of library list (#886968).

[2.12-1.109]
- Fix loading of audit libraries when TLS is in use (#919562)

[2.12-1.108]
- Fix application of SIMD FP exception mask (#929388).






More information about the El-errata mailing list