RHBA-2011:0109 - Bug Fix Advisory

Topic

Updated glibc packages that fix several bugs and add an enhancement are now
available for Red Hat Enterprise Linux 5.

Description

The glibc packages contain the standard C libraries used by multiple programs on
the system. These packages contain the standard C and the standard math
libraries. Without these two libraries, the Linux system cannot function
properly.

These updated glibc packages provide fixes for the following bugs:

• Executing the 'memusage' command (provided by the memusage utility, which is a

part of the glibc-devel package) could cause a segmentation fault. This update
fixes the found deficiency and the 'memusage' command works as expected.
(BZ#531576)

• Prior to this update, a DNS resolver could fail to report an appropriate error

when the supplied buffer was too small. This resulted in a truncated response
instead of asking the caller to resize the buffer and try again. With this
update, small buffers are handled correctly and the DNS resolver no longer
fails. (BZ#533367)

• A deadlock that could cause an application to hang could occur when the

'dlclose' function was called. This resulted in the cancellation of a thread.
With this update, a deadlock no longer occurs when calling the 'dlclose'
function. (BZ#549813)

• This update limits the amount of stack usage when adding an environment

variable with a long name or value. (BZ#559974)

• Submitting an AIO (Asynchronous Input/Output) write request requires a

creation of a helper thread to handle the request. If the creation of this
thread failed, a corruption of the glibc internal data structures could occur.
This resulted in a crash when the next AIO request was submitted. This update
corrects this issue by making sure the internal data structures remain
consistent. (BZ#566712)

• Previously, there was an error in the POWER6 implementation of the 'memcpy'

and 'memset' functions. As a result, using Concurrent Versions System (CVS) with
Kerberos authentication on the 32-bit PowerPC architecture may have failed with
a segmentation fault. This error has been fixed, and both 'memcpy' and 'memset'
functions now work as expected. (BZ#579011)

• Due to a race in the 'free()' function, enabling 'MALLOC_CHECK_' could cause a

segmentation fault. This update adds proper locking in the 'free()' function to
prevent the aforementioned segmentation fault. (BZ#585674)

• Under certain conditions, cancellation of a thread did not invoke a cleanup

handler. This update adds more complete information to the unwind library for
glibc, thus, when canceling a thread, a cleanup handler is invoked before the
thread is terminated under all circumstances. (BZ#593047)

• Under certain circumstances, unloading a module could leave the remaining

modules' symbol search list in an inconsistent state. Consequent to this
inconsistency, symbol lookups could spuriously fail to find the symbol. This
update corrects this: module unloading no longer produces inconsistent state in
the symbol search list. (BZ#593675)

• Previously, pattern matching of specific digraphs was not consistent across

all architectures. This was caused by a misinterpretation of the locale's
collation information. With this update, the digraphs are correctly recognized
and properly collated. (BZ#601294)

• A race condition between module loading and stack unwinding could result in a

crash. With this update, a crash no longer occurs in the aforementioned case.
(BZ#649956)

In addition, these updated glibc packages provide the following enhancement:

• The name service cache daemon (nscd) now prepends a timestamp to its log

messages. (BZ#527558)

• Support for POWER7 and Power ISA v.2.06 architectures has been added.

(BZ#563563), (BZ#563599)

Users are advised to upgrade to these updated glibc packages, which resolve
these issues and add this enhancement.

Solution

Before applying this update, make sure that all previously-released errata
relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to use the Red Hat
Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Affected Products

• Red Hat Enterprise Linux Server 5 x86_64
• Red Hat Enterprise Linux Server 5 ia64
• Red Hat Enterprise Linux Server 5 i386
• Red Hat Enterprise Linux Workstation 5 x86_64
• Red Hat Enterprise Linux Workstation 5 i386
• Red Hat Enterprise Linux Desktop 5 x86_64
• Red Hat Enterprise Linux Desktop 5 i386
• Red Hat Enterprise Linux for IBM z Systems 5 s390x
• Red Hat Enterprise Linux for Power, big endian 5 ppc
• Red Hat Enterprise Linux Server from RHUI 5 x86_64
• Red Hat Enterprise Linux Server from RHUI 5 i386

Fixes

• BZ - 527558 - [RHEL5] add timestamps to nscd logs
• BZ - 531576 - [RHEL5] memusage cmd segfaults if run on a perl script that has 'use' in it
• BZ - 533367 - [RHEL5] Segfault after DNS name resolution
• BZ - 549813 - dl_close() race with C++ destructor
• BZ - 559974 - glibc: Don't limit the length of exported environment variable
• BZ - 563563 - Backport sysdeps/powerpc/dl-procinfo.c power7 & ISA 2.06 support
• BZ - 563599 - [5.6 FEAT] Backport elf/dl-sysdep.c patch for AT_BASE_PLATFORM
• BZ - 566712 - If pthread_create fails in aio_write, requests linked list is corrupted
• BZ - 579011 - cvs with kerberos authentification segfaults
• BZ - 585674 - free() race in mcheck hooks
• BZ - 593047 - pthread cleanup handler is not invoked during thread cancellation
• BZ - 593675 - [5.4] Unexpected failure of resolving a locally-defined symbol.

CVEs

(none)

References

(none)