OVMSA-2014-0033 - glibc security update
| Type: | SECURITY |
| Impact: | MODERATE |
| Release Date: | 2014-11-03 |
Description
[2.12-1.149]
- Remove gconv transliteration loadable modules support (CVE-2014-5119,
- _nl_find_locale: Improve handling of crafted locale names (CVE-2014-0475,
[2.12-1.148]
- Switch gettimeofday from INTUSE to libc_hidden_proto (#1099025).
[2.12-1.147]
- Fix stack overflow due to large AF_INET6 requests (CVE-2013-4458, #1111460).
- Fix buffer overflow in readdir_r (CVE-2013-4237, #1111460).
[2.12-1.146]
- Fix memory order when reading libgcc handle (#905941).
- Fix format specifier in malloc_info output (#1027261).
- Fix nscd lookup for innetgr when netgroup has wildcards (#1054846).
[2.12-1.145]
- Add mmap usage to malloc_info output (#1027261).
[2.12-1.144]
- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1087833).
[2.12-1.143]
- [ppc] Add VDSO IFUNC for gettimeofday (#1028285).
- [ppc] Fix ftime gettimeofday internal call returning bogus data (#1099025).
[2.12-1.142]
- Also relocate in dependency order when doing symbol dependency testing
(#1019916).
[2.12-1.141]
- Fix infinite loop in nscd when netgroup is empty (#1085273).
- Provide correct buffer length to netgroup queries in nscd (#1074342).
- Return NULL for wildcard values in getnetgrent from nscd (#1085289).
- Avoid overlapping addresses to stpcpy calls in nscd (#1082379).
- Initialize all of datahead structure in nscd (#1074353).
[2.12-1.140]
- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1044628).
[2.12-1.139]
- Do not fail if one of the two responses to AF_UNSPEC fails (#845218).
[2.12-1.138]
- nscd: Make SELinux checks dynamic (#1025933).
[2.12-1.137]
- Fix race in free() of fastbin chunk (#1027101).
[2.12-1.136]
- Fix copy relocations handling of unique objects (#1032628).
[2.12-1.135]
- Fix encoding name for IDN in getaddrinfo (#981942).
[2.12-1.134]
- Fix return code from getent netgroup when the netgroup is not found (#1039988).
- Fix handling of static TLS in dlopen'ed objects (#995972).
[2.12-1.133]
- Don't use alloca in addgetnetgrentX (#1043557).
- Adjust pointers to triplets in netgroup query data (#1043557).
Related CVEs
Updated Packages
| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|
| Oracle VM 3.3 (x86_64) | glibc-2.12-1.149.el6.src.rpm | e7a1ea8f19f432480b096835edcd78bff986c0850020401972845924a488e09e | OVMBA-2021-0032 | ovm3_x86_64_3.3_patch |
| glibc-2.12-1.149.el6.i686.rpm | efb6b803ef18bd7805fb9d68e1e8334b2cba0388b9e585a1deefb9456d15d309 | OVMBA-2021-0032 | ovm3_x86_64_3.3_patch |
| glibc-2.12-1.149.el6.x86_64.rpm | 242ee7d75ae21836fa0a90562e06d9cdf825b8b4a7436c3ef62ec46920586b98 | OVMBA-2021-0032 | ovm3_x86_64_3.3_patch |
| glibc-common-2.12-1.149.el6.x86_64.rpm | 68dcce60a7acbe92d9035f73f2f670d82a51c69b6e89d316601fc900160ee232 | OVMBA-2021-0032 | ovm3_x86_64_3.3_patch |
| nscd-2.12-1.149.el6.x86_64.rpm | 425c2f49deda0f42e84723c6898134cbf568d4651f7331a1b21dac97e70ed7d5 | OVMBA-2021-0032 | ovm3_x86_64_3.3_patch |
This page is generated automatically and has not been checked for errors or omissions. For clarification
or corrections please contact the Oracle Linux ULN team
