ELSA-2015-2199

ELSA-2015-2199 - glibc security, bug fix, and enhancement update

Type:SECURITY
Impact:MODERATE
Release Date:2015-11-24

Description


[2.17-105.0.1]
- Remove strstr and strcasestr implementations using sse4.2 instructions.
- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and
1818483b15d22016b0eae41d37ee91cc87b37510 backported.

[2.17-105]
- Fix up test case for initial-exec fix (#1248208).

[2.17-104]
- Mark all TLS variables in libc.so as initial-exec (#1248208).

[2.17-103]
- Apply correct fix for #1195672.

[2.17-102]
- Remove workaround for kernel netlink bug (#1089836).
- Use only 32-bit instructions in optimized 32-bit POWER functions (#1240796).

[2.17-101]
- Correct the AArch64 ABI baseline for libpthread (#1234622).

[2.17-100]
- Prevent tst-rec-dlopen from intermittently failing in parallel
builds due to a missing makefile dependency (#1225959).

[2.17-99]
- Increase AArch64 TLS descriptor performance (#1202952).

[2.17-98]
- Move arch-specific header files from glibc-headers to glibc-devel (#1230328).

[2.17-97]
- Rebase high-precision timing support for microbenchmark (#1214326).

[2.17-96]
- Rebase microbenchmarks from upstream for performance testing (#1214326)
- Fix running microbenchmark script bench.pl from source (#1084395)

[2.17-95]
- Enable systemtap support for all architectures (#1225490).

[2.17-94]
- Fix ruserok API scalability issues (#1216246).

[2.17-93]
- Backport fixes and enhancements for ppc64 and ppc64le (#1162895).
- Correct DT_PPC64_NUM in elf/elf.h.
- Correct IBM long double frexpl.
- Correct IBM long double nextafterl.

[2.17-92]
- Backport fixes for various security flaws (#1209107):
- Prevent heap buffer overflow in swscanf (CVE-2015-1472, CVE-2015-1473,
- Prevent integer overflow in _IO_wstr_overflow (#1195762).
- Prevent potential denial of service in internal_fnmatch (#1197730).
- Prevent buffer overflow in gethostbyname_r and related functions
with misaligned buffer (CVE-2015-1781, #1199525).

[2.17-91]
- Allow more shared libraries with static TLS to be loaded (#1227699).

[2.17-90]
- Work around kernel netlink bug on some specialized hardware setup (#1089836).
- Fix invalid file descriptor reuse when sending DNS query
(CVE-2013-7423, #1194143).
- Sync netinet/tcp.h with the kernel (#1219891).

[2.17-89]
- Avoid deadlock in malloc on backtrace (#1207032).
- Actually test iconv modules (#1176906).
- Use calloc to allocate xports (#1159169).
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098042).

[2.17-88]
- Add librtkaio.abilist generated by make update-abi (#1173238).

[2.18-87]
- Enhance nscd inotify support (#1193797).

[2.17-86]
- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1173537).

[2.17-85]
- Skip logging for DNSSEC responses (#1186620).
- Also apply the RHEL6.7 Makerules patch (#1189278).

[2.17-84]
- Initialize nscd stats data (#1183456).

[2.17-83]
- Resize DTV if the current DTV isn't big enough (#1189278).

[2.17-82]
- Backport an alternate implementation of strstr and strcasestr for
x86 that doesn't use the stack for temporaries requiring 16-byte
alignment (#1150282).

[2.17-81]
- Fix recursive dlopen() (#1165212).
- Correctly size profiling reloc table (#1144133).

[2.17-80]
- Work around a suspected gcc 4.8 bug (#1064066).

[2.17-79]
- Restructure spec file to unconditionally apply ppc64le support (#1182355).
- Fix test failure in test-ildoubl on ppc64 (#1186491).


Related CVEs


CVE-2013-7423
CVE-2015-1472
CVE-2015-1473
CVE-2015-1781

Updated Packages


Release/ArchitectureFilenamesha256Superseded By AdvisoryChannel Label
Oracle Linux 7 (x86_64) glibc-2.17-105.0.1.el7.src.rpm9f79dadcdbceed0de77a2b78ab292791f3e66dd72a1c014c32807efdaffa7e83ELSA-2024-12444ol7_x86_64_latest_archive
glibc-2.17-105.0.1.el7.src.rpm9f79dadcdbceed0de77a2b78ab292791f3e66dd72a1c014c32807efdaffa7e83ELSA-2024-12444ol7_x86_64_optional_archive
glibc-2.17-105.0.1.el7.src.rpm9f79dadcdbceed0de77a2b78ab292791f3e66dd72a1c014c32807efdaffa7e83ELSA-2024-12444ol7_x86_64_u2_base
glibc-2.17-105.0.1.el7.i686.rpm5ab20ce70edbcf1d81db781e2307885682f6dc7924e314d7de5ae47f8cdd1b43ELSA-2024-12444ol7_x86_64_latest_archive
glibc-2.17-105.0.1.el7.i686.rpm5ab20ce70edbcf1d81db781e2307885682f6dc7924e314d7de5ae47f8cdd1b43ELSA-2024-12444ol7_x86_64_u2_base
glibc-2.17-105.0.1.el7.x86_64.rpmf97aab85e3ba7a65c847e1ef72583e6d1ef0e82b762c7099e4a38a73be6fcbb0ELSA-2024-12444ol7_x86_64_latest_archive
glibc-2.17-105.0.1.el7.x86_64.rpmf97aab85e3ba7a65c847e1ef72583e6d1ef0e82b762c7099e4a38a73be6fcbb0ELSA-2024-12444ol7_x86_64_u2_base
glibc-common-2.17-105.0.1.el7.x86_64.rpm24da50b47788909a40fcb2fd95a2cceb6f8b415a2c0afee9c3d0c20ce62b3477ELSA-2024-12444ol7_x86_64_latest_archive
glibc-common-2.17-105.0.1.el7.x86_64.rpm24da50b47788909a40fcb2fd95a2cceb6f8b415a2c0afee9c3d0c20ce62b3477ELSA-2024-12444ol7_x86_64_u2_base
glibc-devel-2.17-105.0.1.el7.i686.rpm87d78b3fd6433b026486dc278d19c23db4a80509b14b9638e27da2517aef2eaaELSA-2024-12444ol7_x86_64_latest_archive
glibc-devel-2.17-105.0.1.el7.i686.rpm87d78b3fd6433b026486dc278d19c23db4a80509b14b9638e27da2517aef2eaaELSA-2024-12444ol7_x86_64_u2_base
glibc-devel-2.17-105.0.1.el7.x86_64.rpmcd666867d93210abff30245529c85ac3eb6575805a7f6bc6ba4db2792c807a38ELSA-2024-12444ol7_x86_64_latest_archive
glibc-devel-2.17-105.0.1.el7.x86_64.rpmcd666867d93210abff30245529c85ac3eb6575805a7f6bc6ba4db2792c807a38ELSA-2024-12444ol7_x86_64_u2_base
glibc-headers-2.17-105.0.1.el7.x86_64.rpmfb5432231388ea778201f9426920bfb639ba712e0f7262e36ce9ffab16fdae94ELSA-2024-12444ol7_x86_64_latest_archive
glibc-headers-2.17-105.0.1.el7.x86_64.rpmfb5432231388ea778201f9426920bfb639ba712e0f7262e36ce9ffab16fdae94ELSA-2024-12444ol7_x86_64_u2_base
glibc-static-2.17-105.0.1.el7.i686.rpm49bdce04aed5cdfc0659547d947d937249b5a8a1993b40966fdf7634a843389cELSA-2024-12444ol7_x86_64_optional_archive
glibc-static-2.17-105.0.1.el7.x86_64.rpm29fd3780dc58bbbc3d99106962f39ef85dc6662ba312c8d3bcf6ecd3c4a67233ELSA-2024-12444ol7_x86_64_optional_archive
glibc-utils-2.17-105.0.1.el7.x86_64.rpm5bb3bc7da3d28a6ede991c98d17246686133712d11295d95fc38813b29a9ffabELSA-2024-12444ol7_x86_64_latest_archive
glibc-utils-2.17-105.0.1.el7.x86_64.rpm5bb3bc7da3d28a6ede991c98d17246686133712d11295d95fc38813b29a9ffabELSA-2024-12444ol7_x86_64_u2_base
nscd-2.17-105.0.1.el7.x86_64.rpmab2567f4f52f6c32543a43a61eb3a8fdf71d8740316509551028ec76e5526a29ELSA-2024-12444ol7_x86_64_latest_archive
nscd-2.17-105.0.1.el7.x86_64.rpmab2567f4f52f6c32543a43a61eb3a8fdf71d8740316509551028ec76e5526a29ELSA-2024-12444ol7_x86_64_u2_base



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete