From: <updates <at> fedoraproject.org>
Subject: [SECURITY] Fedora 16 Update: glibc-2.14.90-24.fc16.6
Newsgroups: gmane.linux.redhat.fedora.package.announce
Date: Saturday 25th February 2012 08:36:01 UTC (over 4 years ago)
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2162
2012-02-22 01:38:51
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 16
Version     : 2.14.90
Release     : 24.fc16.6
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

Avoid "nargs" integer overflow which can be used to bypass FORTIFY_SOURCE
protections.

Revert changes for 552960, they're still causing problems.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 20 2012 Jeff Law  - 2.14.90-24.fc16.6
  - Avoid "nargs" integer overflow which could be used to bypass
    FORTIFY_SOURCE (#794797)
  - Disable 552960/769421 patches again, they're still not right.
* Fri Feb 10 2012 Jeff Law  - 2.14.90-24.fc16.5
  - Fix lost wakeups in pthread_cond_*.  (#552960, #769421)
  - Define x86_64 feraiseexcept inline only under __USE_EXTERN_INLINES
    (#769993).
* Thu Dec 22 2011 Jeff Law  - 2.14.90-24.fc16.4
  - Revert change for 552960, it's causing multiple problems.
* Sun Dec 18 2011 Jeff Law  - 2.14.90-24.fc16.3
  - Check values from TZ file header (#767696)
  - Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
  - Add {dist}.#
  - Correct return value from pthread_create when stack allocation fails.
    (#767746)
* Wed Dec  7 2011 Jeff Law  - 2.14.90-23
  - Fix a wrong constant in powerpc hypot implementation (#750811)
  - Truncate time values in Linux futimes when falling back to utime
* Mon Dec  5 2011 Jeff Law  - 2.14.90-22
  - Mark fortified __FD_ELT as extension (#761021)
  - Fix typo in manual (#708455)
* Wed Nov 30 2011 Jeff Law  - 2.14.90-21
  - Don't fail in makedb if SELinux is disabled (#750858)
  - Fix access after end of search string in regex matcher (#757887)
* Mon Nov 28 2011 Jeff Law  - 2.14.90-20
  - Drop lock before calling malloc_printerr (#757881)
* Fri Nov 18 2011 Jeff Law  - 2.14.90-19
  - Check malloc arena atomically  (BZ#13071)
  - Don't call reused_arena when _int_new_arena failed (#753601)
* Wed Nov 16 2011 Jeff Law  - 2.14.90-18
  - Fix grouping and reuse other locales in various locales (BZ#13147)
* Tue Nov 15 2011 Jeff Law  - 2.14.90-17
  - Revert bogus commits/rebasing of Nov 14, Nov 11 and Nov 8.  Sources
    should be equivalent to Fedora 16's initial release.
* Wed Oct 26 2011 Fedora Release Engineering - 2.14.90-15
  - Rebuilt for glibc bug#747377
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #794797 - CVE-2012-0864 glibc: F_S format string protection
        bypass via "nargs" integer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=794797
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on
the GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/package-announce