[El-errata] ELSA-2014-1391 Moderate: Oracle Linux 6 glibc security, bug fix, and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Oct 16 09:30:09 PDT 2014
Oracle Linux Security Advisory ELSA-2014-1391
https://rhn.redhat.com/errata/RHSA-2014-1391.html
The following updated rpms for Oracle Linux 6 have been uploaded to the
Unbreakable Linux Network:
i386:
glibc-2.12-1.149.el6.i686.rpm
glibc-common-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-headers-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-utils-2.12-1.149.el6.i686.rpm
nscd-2.12-1.149.el6.i686.rpm
x86_64:
glibc-2.12-1.149.el6.i686.rpm
glibc-2.12-1.149.el6.x86_64.rpm
glibc-common-2.12-1.149.el6.x86_64.rpm
glibc-devel-2.12-1.149.el6.i686.rpm
glibc-devel-2.12-1.149.el6.x86_64.rpm
glibc-headers-2.12-1.149.el6.x86_64.rpm
glibc-static-2.12-1.149.el6.i686.rpm
glibc-static-2.12-1.149.el6.x86_64.rpm
glibc-utils-2.12-1.149.el6.x86_64.rpm
nscd-2.12-1.149.el6.x86_64.rpm
SRPMS:
http://oss.oracle.com/ol6/SRPMS-updates/glibc-2.12-1.149.el6.src.rpm
Description of changes:
[2.12-1.149]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names
(CVE-2014-0475,
[2.12-1.148]
- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).
[2.12-1.147]
- Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458,
#1111460).
- Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460).
[2.12-1.146]
- Fix memory order when reading libgcc handle (#905941).
- Fix format specifier in malloc_info output (#1027261).
- Fix nscd lookup for innetgr when netgroup has wildcards (#1054846).
[2.12-1.145]
- Add mmap usage to malloc_info output (#1027261).
[2.12-1.144]
- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833).
[2.12-1.143]
- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).
- [ppc] Fix ftime gettimeofday internal call returning bogus data
(#1099025).
[2.12-1.142]
- Also relocate in dependency order when doing symbol dependency testing
(#1019916).
[2.12-1.141]
- Fix infinite loop in nscd when netgroup is empty (#1085273).
- Provide correct buffer length to netgroup queries in nscd (#1074342).
- Return NULL for wildcard values in getnetgrent from nscd (#1085289).
- Avoid overlapping addresses to stpcpy calls in nscd (#1082379).
- Initialize all of datahead structure in nscd (#1074353).
[2.12-1.140]
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628).
[2.12-1.139]
- Do not fail if one of the two responses to AF_UNSPEC fails (#845218).
[2.12-1.138]
- nscd: Make SELinux checks dynamic (#1025933).
[2.12-1.137]
- Fix race in free() of fastbin chunk (#1027101).
[2.12-1.136]
- Fix copy relocations handling of unique objects (#1032628).
[2.12-1.135]
- Fix encoding name for IDN in getaddrinfo (#981942).
[2.12-1.134]
- Fix return code from getent netgroup when the netgroup is not found
(#1039988).
- Fix handling of static TLS in dlopen'ed objects (#995972).
[2.12-1.133]
- Don't use alloca in addgetnetgrentX (#1043557).
- Adjust pointers to triplets in netgroup query data (#1043557).
More information about the El-errata
mailing list