- Prior to this update, glibc incorrectly handled the "options rotate" option in the /etc/resolv.conf file when this file also contained one or more IPv6 name servers. Consequently, DNS queries could unexpectedly fail, particularly when multiple queries were issued by a single process. This update fixes internalization of the listed servers from /etc/resolv.conf into glibc's internal structures, as well as the sorting and rotation of those structures to implement the "options rotate" capability. Now, DNS names are resolved correctly in glibc in the described scenario.
- CVE-2012-3404, CVE-2012-3405, CVE-2012-3406
- Multiple errors in glibc's formatted printing functionality could allow an attacker to bypass FORTIFY_SOURCE protections and execute arbitrary code using a format string flaw in an application, even though these protections are expected to limit the impact of such flaws to an application abort.
- A programming error caused an internal array of nameservers to be only partially initialized when the /etc/resolv.conf file contained IPv6 nameservers. Depending on the contents of a nearby structure, this could cause certain applications to terminate unexpectedly with a segmentation fault. The programming error has been fixed, which restores proper behavior with IPv6 nameservers listed in the /etc/resolv.conf file.
- A logic error caused glibc's DNS code to incorrectly handle rejected responses from DNS servers. Consequently, after a server returned a REJECT response, additional servers defined in the /etc/resolv.conf file sometimes failed to be searched. With this update, glibc properly cycles through the servers listed in /etc/resolv.conf even if one of them returns the REJECT response, thus fixing this bug.
- Prior to this update, an error in memory management within the glibc nscd daemon resulted in attempts to free a pointer that was not provided by the malloc() function. Consequently, nscd could terminate unexpectedly. This bug only happened when handling groups with a large number of members. This update ensures that memory allocated by the pool allocator is no longer passed to "free". Instead, we allow the pool allocator's garbage collector to reclaim the memory. As a result, nscd no longer crashes on groups with a large number of members.
- Multiple integer overflow flaws, leading to stack-based buffer overflows, were found in glibc's functions for converting a string to a numeric representation (strtod(), strtof(), and strtold()). If an application used such a function on attacker controlled input, it could cause the application to crash or, potentially, execute arbitrary code.
- Previously, if the
nscddaemon received a CNAME (Canonical Name) record as a response to a DNS (Domain Name System) query, the cached DNS entry adopted the TTL (Time to Live) value of the underlying
AAAAresponse. This caused the nscd daemon to wait an unexpectedly long time before reloading the DNS entry. With this update, nscd uses the shortest TTL from the response as the TTL for the entire record. DNS entries are now reloaded as expected in this scenario.
- Previously, locking of the main malloc arena was incorrect in the retry path. This could result in a deadlock if an sbrk request failed. With this update, locking of the main arena in the retry path has been fixed. This problem was exposed by a bug fix provided in the RHSA-2012:0058 update.
- glibc had incorrect information for numeric separators and groupings for French, Spanish, and German locales. Therefore, applications utilizing glibc's locale support printed numbers with the incorrect separators and groupings when those locales were in use. With this update, the separator and grouping information has been fixed.
- On some processors, when calling the
memcpy()function, the optimized function variant was used. However, the optimized function variant copies the buffer backwards. As a result, if the source and target buffers were overlapping, the program behaved in an unexpected way. While such calling is a violation of ANSI/ISO standards and therefore considered an error, this update restores the prior memcpy() behavior and such programs now use the non-optimized variant of the function to allow applications to behave as before.
- Previously, the dynamic loader generated an incorrect ordering for initialization, which did not adhere to the ELF specification. This could result in incorrect ordering of DSO (Dynamic Shared Object) constructors and destructors. With this update, the dependency resolution has been fixed.
- The RHBA-2011:1179 glibc update introduced a regression, causing glibc to incorrectly parse groups with more than 126 members. Consequently, applications, such as id, failed to list all the groups a particular user was a member of. With this update, group parsing has been fixed.
- Due to a race condition within its
malloc()routines, glibc incorrectly allocated too much memory. This could cause a multi-threaded application to allocate more memory to the threads than expected. With this update, the race condition has been fixed, and malloc's behavior is now consistent with the documentation regarding the MALLOC_ARENA_TEST and MALLOC_ARENA_MAX environment variables.
- Previously, glibc looked for an error condition in the incorrect location and therefore failed to process a second response buffer in the
gaih_getanswer()function. As a consequence, the
getaddrinfo()function could not properly return all addresses. This update fixes an incorrect error test condition in
gaih_getanswer()so that glibc now correctly parses the second response buffer. The
getaddrinfo()function now correctly returns all addresses.
- Previously, compiling code that was using the
htons()function with the
-Wconversionparameters caused bogus warnings similar to the following:
warning: conversion to \u2018short unsigned int\u2019 from \u2018int\u2019 may alter its valueThis update fixes types in multiple macros and the warning is no longer returned under these circumstances.
- Previously, glibc did not properly detect Intel Core i3, i5, and i7 processors. As a result, glibc sometimes used incorrect implementations of several functions resulting in poor performance. This update fixes the detection process and the library provides proper function implementation to the processors.
- Previously, glibc did not initialize the robust futex list after a
fork()call. As a result, shared robust mutex locks were not cleaned up after the child process exited. This update ensures that the robust futex list is correctly initialized after a fork system call.
- When a process corrupted its heap, the
malloc()function could enter a deadlock while creating an error message string. As a result, the process could become unresponsive. With this update, the process uses the
mmap()function to allocate memory for the error message instead of the
malloc()function. The malloc() deadlock therefore no longer occurs and the process with a corrupted heap now aborts gracefully.
- BZ#788959, BZ#797094, BZ#809602
- Previously, glibc unconditionally used
alloca()to allocate buffers in various routines. If such allocations applied large internal memory requests, stack overflows could occur and the application could terminate unexpectedly. This update applies several upstream patches so that glibc now uses
malloc()for these allocations and the problem no longer occurs.
- Previously, glibc used an incorrect symbol for the Ukrainian currency. With this update, the symbol has been fixed.
- Previously, it was not possible to install the 32-bit glibc-utils package on 64-bit systems and the package was therefore missing on 64-bit Intel architectures. This update modifies the spec file so as to move the respective files and avoid conflicts. As a result, the package is now installed on these 64-bit systems as expected.
- BZ#657572, BZ#785984
- Previously, glibc added unneccessary spaces to abbreviated month names in the Finish and Chinese locales. With this update, the underlying code has been modified and the spaces are no longer added in the abbreviated month names in the locales.
- Previously, glibc returned incorrect error codes from the
pthread_create()function. Consequently, some programs incorrectly issued an error for a transient failure, such as a temporary out-of-memory condition. This update ensures that glibc returns the correct error code when memory allocation fails in the
- Previously, glibc's dynamic loader incorrectly detected Advanced Vector Extensions (AVX) capabilities and could terminate unexpectedtly with a segmentation fault. This update fixes the AVX detection and the problem no longer occurs.
- Previously, an error string in glibc's
getoptroutines changed and, as the respective Japanese translation was not adapted, the system failed to find the Japanese version of the message. As a result, the error message was displayed in English even if the system locale was set to Japanese. This update fixes the Japanese translation of the error string and the problem no longer occurs.
- Previously, glibc's locking in the
IO_flush_all_lockp()function was incorrect. This resulted in a race condition with occasional deadlocks when calling the
fork()function in multi-threaded applications. This update fixes the locking and avoids the race condition.
- Previously, the
nscddaemon cached all transient results even if they were negative. This could result in erroneous nscd results. This update ensures that negative results of transient errors are not cached.
- When the
resolv.conffile contained only nameservers with IPv6 and
options rotatewas set, the search domain was always appended. However, this is not desired in the case of fully qualified domain names (FQDN) and if an FQDN was used, the resolution failed. With this update, the underlying code has been modified and if more than one IPv6 nameserver is defined in
resolv.conf, the FQDN is resolved correctly. Refer to bug 771204 for further information about this problem.
- Previously, when parsing the
resolv.conffile, glibc did not handle the parsing of spaces in nameserver entries correctly. Consequently, correct DNS lookups failed. This update fixes the space parsing and the problem no longer occurs.
getaddrinfo()call could return an incorrect value. This happened because the query for getaddrinfo was more complex than necessary and getaddrinfo failed to handle the additional information returned by the query correctly. With this update, the query no longer returns the addition information and the problem is fixed.