4.56. glibc

Security Fixes

CVE-2009-5029

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

CVE-2009-5064

A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd.

CVE-2010-0830

An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

CVE-2011-1089

It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.

CVE-2011-4609

A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time.

BZ#745487

Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. Initialization routines for depended-upon objects were not being called before the objects, which depended on them, were being initialized. This manifested itself only when initializing compiled C++ libraries whose global initialization depended upon the global initialization of data in other libraries which they were linked against at link time, generating a DT_NEEDED entry. With this update, implementation of the topological sort algorithm for dependency resolution has been fixed, and functions for initialization and termination are now ordered correctly.

BZ#585433

Priviously, glibc incorrectly computed the amount of memory needed by strcoll_l and strxfrm functions. As a consequence, a stack overflow could occur, especially in multi-threaded applications with small stack sizes. This update fixes the memory usage computations and avoids the stack overflows.

BZ#657570

Prior to this update, glibc used an incorrect matching algorithm in the strptime function. As a result, strptime could misparse months in certain locales including Polish and Vietnamese. This update corrects the matching algorithm in strptime.

BZ#675259

Priviously, the glibc locale information was wrong for certain French, Spanish and German locales. As a result, incorrect numeric output could be reported. This update corrects the information.

BZ#678318

Prior to this update, nss_nis client code in glibc attempted to read the passwd.adjunct table for certain usernames. This typically required more privileges than a normal user has and thus errors were logged on the The Network Information Service (NIS) server. This update changes glibc to only refer to passwd.adjunct when it is actually necessary.

BZ#711924

Priviously, the dl_debug_state RT_CONSISTENT incorrectly occurred before applying dynamic relocations. As a result, debugging tools could not correctly monitor this call. This update adds systemtap-probes at a superset of the locations where the dl_debug_state was called.

BZ#711531

Prior to this update, glibc did not initialize the robust futex list after a fork. As a result, shared robust mutexes were not cleaned up when the child exited. This update ensures that the robust futex list is correctly initialized after a fork system call.

BZ#707998

Prior to this update, glibc returned incorrect error codes from the pthread_create. This could lead some programs to incorrectly issue an error for a transient failure, such as a temporary out of memory condition. This update ensures glibc returns the correct error code when memory allocation fails in pthread_create.

BZ#706894

Prior to this update, the system configuration option _SC_NPROCESSORS_CONF returned the total number of active processors configured rather than the total number of configured processors. This update changes glibc to query system configurations to get the number of configured processors correctly.

BZ#703345

Prior to this update, getpwent could incorrectly query NIS when using the nss_compat option. This could lead to incorrect results (missing entries) for calls to getpwent. This update changes glibc to only query the NIS domain when needed.

BZ#729661

Prior to this update, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed

BZ#756453

Prior to this update, the libresolv routines were not compiled with the stack protector enabled. As a consequence, a buffer overflow attack vector could occur if the libresolv routines had potential stack overflows. This update turns on the stack protector mechanisms for libresolv.

BZ#758252

Prior to this update, the futimes function rounded values rather than truncate them. As a consequence, file modification, access, or creation times could be incorrect. This update correctly truncates values and gives the correct file modification, access & creation times.