
4.33. glibc

Updated glibc packages that fix several bugs are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Bug Fixes

BZ#706571
The library uses the compat_call() function, which in turn uses the getgrent_r() function, which is reentrant safe but not thread safe. As a result, if multiple threads call getgrent_r() using compat_call(), they may race against each other, resulting in some groups not being properly reported. With this update, locking was added to the compat_call() function to prevent multiple threads from racing. All groups are now properly reported.
BZ#816647
A library security mechanism failed to correctly run the initialization function of dynamically-loaded character conversion routines. Consequently, glibc could sometimes terminate unexpectedly with a segmentation fault when attempting to use one dynamically-loaded character conversion routine. The library security mechanism has been fixed to correctly run the initialization function. After this update, the aforementioned problem no longer occurs in this situation.
BZ#835828
Various bugs in the wide character version of the fseek() function resulted in the internal FILE offset field being set incorrectly in wide character streams. As a result, the offset returned by the ftell() function was incorrect, and sometimes, data could be overwritten. The ftell() function was fixed to correctly set the internal FILE offset field for wide characters. The ftell() and fseek() functions now handle offsets for wide characters correctly.
BZ#861871
A fix to prevent logic errors in various mathematical functions, including exp(), exp2(), expf(), exp2f(), pow(), sin(), tan(), and rint(), caused by inconsistent results when the functions were used with the non-default rounding mode, created performance regressions for certain inputs. The performance regressions have been analyzed and the core routines have been optimized to improve performance.
BZ#929035
A defect in the nscd daemon caused it to cache results for DNS entries with a TTL value of zero. This caused DNS lookups to return stale results. The nscd daemon has been fixed to correctly respect DNS TTL entries of zero. The nscd daemon no longer caches DNS entries with a TTL of zero, and lookups for those entries return the correct and current results.
BZ#957089
A defect in the library localization routines resulted in unexpected termination of the application in low-memory conditions. The affected routines have been fixed to correctly detect and report errors when a low-memory condition prevents their correct operation. Applications running under low-memory conditions no longer terminate unexpectedly while calling localization routines.
Users of glibc are advised to upgrade to these updated packages, which fix these bugs.

Updated glibc packages that fix three bugs are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, a Linux system cannot function correctly.

Bug Fixes

BZ#962903
A bug in the nscd daemon caused it to cache results for DNS entries with a TTL value of zero. Consequently, DNS lookups returned stale results. The nscd daemon has been fixed to correctly respect DNS TTL entries of zero. Now, nscd no longer caches DNS entries with a TTL of zero and lookups for those entries return correct and current results.
BZ#963812
Previously, a library-security mechanism failed to correctly run the initialization functions of dynamically loaded character-conversion routines. This could lead to an unexpected termination with a segmentation fault when trying to use such a routine. With this update, the library-security mechanism has been fixed to correctly run the initialization functions and the character-conversion routines no longer cause crashes.
BZ#963813
Due to a bug in the library-localization routines, applications could terminate unexpectedly in low-memory conditions. The affected routines have been fixed to correctly detect and report errors in the event of a low-memory condition preventing their correct operation. As a result, applications running under low-memory conditions no longer crash while calling localization routines.
Users of glibc are advised to upgrade to these updated packages, which fix these bugs.

Updated glibc packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Bug Fix

BZ#924825
The C library security mechanism was unable to handle dynamically loaded character conversion routines when loaded at specific virtual addresses. This resulted in an unexpected termination with a segmentation fault when trying to use the dynamically loaded character conversion routine. This update enhances the C library security mechanism to handle dynamically loaded character conversion routines at any virtual memory address and the crashes no longer occur in the described scenario.
Users of glibc are advised to upgrade to these updated packages, which fix this bug.

Updated glibc packages that fix two security issues and two bugs are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fixes

CVE-2013-1914
It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash.
CVE-2013-0242
A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash.
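CVE-2013-1914 describes stack memory whose size depends on resolver input with no upper limit. The following C code is an added example, not glibc's source or Red Hat's patch: it shows the defensive pattern of capping stack scratch space and falling back to the heap, where failure can be reported instead of crashing. The function count_distinct_addrs(), the constant STACK_SCRATCH_MAX and its 4096-byte value are assumptions made for illustration.

```c
#include <alloca.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumed cap on per-call stack scratch space (hypothetical value). */
#define STACK_SCRATCH_MAX 4096u

static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/*
 * Count distinct IPv4 addresses in a resolver answer of n records.
 * n is untrusted: it is however many records the answer carries.
 * The unsafe form would be an unconditional alloca(n * sizeof ...).
 * Returns the distinct count, or -1 on overflow or allocation failure.
 * *used_heap reports which allocator served the scratch buffer.
 */
long count_distinct_addrs(const uint32_t *addrs, size_t n, int *used_heap)
{
    uint32_t *scratch;
    long distinct;
    size_t i, bytes;

    *used_heap = 0;
    if (n == 0)
        return 0;
    if (n > SIZE_MAX / sizeof(*scratch))   /* n * size would wrap */
        return -1;
    bytes = n * sizeof(*scratch);

    if (bytes <= STACK_SCRATCH_MAX) {
        scratch = alloca(bytes);           /* small: bounded stack use */
    } else {
        scratch = malloc(bytes);           /* large: heap, failure is reportable */
        if (scratch == NULL)
            return -1;
        *used_heap = 1;
    }

    memcpy(scratch, addrs, bytes);
    qsort(scratch, n, sizeof(*scratch), cmp_u32);
    distinct = 1;
    for (i = 1; i < n; i++)
        distinct += scratch[i] != scratch[i - 1];

    if (*used_heap)
        free(scratch);
    return distinct;
}
```
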

Bug Fixes

BZ#950535
The improvements RHSA-2012:1207 made to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. Refer to Red Hat Knowledge solution 229993 for further information.
BZ#951493
It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access.
Users of glibc are advised to upgrade to these updated packages, which contain backported patches to correct these issues.