[Oraclevm-errata] OVMSA-2016-0013 Critical: Oracle VM 3.3 glibc security update

Errata Announcements for Oracle VM oraclevm-errata at oss.oracle.com
Tue Feb 16 17:49:54 PST 2016


Oracle VM Security Advisory OVMSA-2016-0013

The following updated rpms for Oracle VM 3.3 have been uploaded to the 
Unbreakable Linux Network:

x86_64:
glibc-2.12-1.166.el6_7.7.i686.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
nscd-2.12-1.166.el6_7.7.x86_64.rpm


SRPMS:
http://oss.oracle.com/oraclevm/server/3.3/SRPMS-updates/glibc-2.12-1.166.el6_7.7.src.rpm



Description of changes:

[2.12-1.166.7]
- Update fix for CVE-2015-7547 (#1296028).

[2.12-1.166.6]
- Create helper threads with enough stack for POSIX AIO and timers
   (#1301625).

[2.12-1.166.5]
- Fix CVE-2015-7547: getaddrinfo() stack-based buffer overflow (#1296028).

[2.12-1.166.4]
- Support loading more libraries with static TLS (#1291270).

[2.12-1.166.3]
- Check for NULL arena pointer in _int_pvalloc (#1256890).
- Don't change no_dyn_threshold on mallopt failure (#1256891).

[2.12-1.166.2]
- Unlock main arena after allocation in calloc (#1256812).
- Enable robust malloc change again (#1256812).
- Fix perturbing in malloc on free and simply perturb_byte (#1256812).
- Don't fall back to mmap prematurely (#1256812).

[2.12-1.166.1]
- The malloc deadlock avoidance support has been temporarily removed since it
   triggers deadlocks in certain applications (#1244002).

[2.12-1.166]
- Fix ruserok() check to reject, not skip, negative user checks (#1217186).

[2.12-1.165]
- Optimize ruserok() function for large ~/.rhosts (#1217186).

[2.12-1.164]
- Fix crash in valloc due to the backtrace deadlock fix (#1207236).

[2.12-1.163]
- Fix buffer overflow in gethostbyname_r with misaligned buffer
   (#1209376, CVE-2015-1781).

[2.12-1.162]
- Avoid deadlock in malloc on backtrace (#1066724).

[2.12-1.161]
- Support running applications that use Intel AVX-512 (#1195453).

[2.12-1.160]
- Silence logging of record type mismatch for DNSSEC records (#1088301).

[2.12-1.159]
- Shrink heap on free when vm.overcommit_memory == 2 (#867679).

[2.12-1.158]
- Enhance nscd to detect any configuration file changes (#859965).
- Fix __times() handling of EFAULT when buf is NULL (#1124204).
- Fix memory leak with dlopen() and thread-local storage variables
   (#978098).
- Prevent getaddrinfo from writing DNS queries to random fd (CVE-2013-7423,
- Implement userspace half of in6.h header coordination (#1053178).
- Correctly size relocation cache used by profiler (#1144132).
- Fix reuse of cached stack leading to bounds overrun of DTV (#1116050).

[2.12-1.157]
- Return failure in getnetgrent only when all netgroups have been searched
   (#1085312).
- Fix valgrind warning in nscd_stats (#1091915).

[2.12-1.156]
- Initialize xports array (#1159167).
- Fix tst-default-attr test to not fail on powerpc (#1023306).

[2.12-1.155]
- Fix parsing of numeric hosts in gethostbyname_r (CVE-2015-0235, #1183534).

[2.12-1.154]
- Fix typo in nscd/selinux.c (#1125307).
- Actually run test-iconv modules (#1176907).

[2.12-1.153]
- Fix recursive dlopen() (#1154563).

[2.12-1.152]
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
   #1172044).

[2.12-1.151]
- Fix wordexp() to honour WRDE_NOCMD (CVE-2014-7817, #1171296).

[2.12-1.150]
- Fix typo in res_send and res_query (#rh1138769).



