Updated glibc packages that fix several bugs are now available for Red Hat Enterprise Linux 6 Extended Update Support.
The glibc packages contain the standard C and the standard math libraries. These libraries are used by multiple programs on the system, and without these libraries, the Linux system cannot function properly.
Under certain circumstances, a threaded process could have been granted incomplete group membership of the user who was running the process. This was caused by glibc using its default method for group membership determination, which led to the situation where multiple threads interfered with each other while attempting to retrieve the information simultaneously. Due to the nature of the group membership determination method used, each thread ended up with a different subset of the entire result set. With this update, the group membership determination method has been modified to precede this interference.
When a process corrupted its heap, the malloc() function could have entered a deadlock situation while building up an error message string. This caused the process unresponsive. With this update, the code has been modified to use the mmap() function to allocate memory for the error message. This workaround ensures that malloc() deadlock no longer occurs when allocating memory for an error message when the corrupted process heap is detected, and such a process is now normally aborted.
Previously, nscd did not take into consideration time-to-live (TTL) parameters for the DNS records it was caching. With this update, the code has been modified so that nscd now respects TTL parameters when it answers requests for DNS records.
All users of glibc are advised to upgrade to these updated packages, which fix these bugs.