RHSA-2004:586 - Security Advisory

Topic

Updated glibc packages that address several bugs and implement some
enhancements are now available.

Description

The GNU libc packages (known as glibc) contain the standard C libraries
used by applications.

This errata fixes several bugs in the GNU C Library.

Fixes include (in addition to enclosed Bugzilla entries):

• fixed 32-bit atomic operations on 64-bit powerpc
• fixed -m32 -I /usr/include/nptl compilation on AMD64
• NPTL <pthread.h> should now be usable in C++ code or -pedantic -std=c89 C
• rwlocks are now available also in the _POSIX_C_SOURCE=200112L namespace
• pthread_once is no longer throw(), as the callback routine might throw
• pthread_create now correctly returns EAGAIN when thread couldn't be

created because of lack of memory

• fixed NPTL stack freeing in case of pthread_create failure with detached

thread

• fixed pthread_mutex_timedlock on i386 and AMD64
• Itanium gp saving fix in linuxthreads
• fixed s390/s390x unwinding tests done during cancellation if stack frames

are small

• fixed fnmatch(3) backslash handling
• fixed out of memory behaviour of syslog(3)
• resolver ID randomization
• fixed fim (NaN, NaN)
• glob(3) fixes for dangling symlinks
• catchsegv fixed to work with both 32-bit and 64-bit binaries on x86-64,

s390x and ppc

• fixed reinitialization of _res when using NPTL stack cache
• updated bug reporting instructions, removed glibcbug script
• fixed infinite loop in iconv with some options
• fixed inet_aton return value
• CPU friendlier busy waiting in linuxthreads on EM64T and IA-64
• avoid blocking/masking debug signal in linuxthreads
• fixed locale program output when neither LC_ALL nor LANG is set
• fixed using of unitialized memory in localedef
• fixed mntent_r escape processing
• optimized mtrace script
• linuxthread_db fixes on ppc64
• cfi instructions in x86-64 linuxthreads vfork
• some _POSIX_C_SOURCE=200112L namespace fixes

All users of glibc should upgrade to these updated packages, which resolve
these issues.

Solution

Before applying this update, make sure that all previously-released
errata relevant to your system have been applied. Use Red Hat
Network to download and update your packages. To launch the Red Hat
Update Agent, use the following command:

up2date

For information on how to install packages manually, refer to the
following Web page for the System Administration or Customization
guide specific to your system:

http://www.redhat.com/docs/manuals/enterprise/

Affected Products

• Red Hat Enterprise Linux Server 3 x86_64
• Red Hat Enterprise Linux Server 3 ia64
• Red Hat Enterprise Linux Server 3 i386
• Red Hat Enterprise Linux Workstation 3 x86_64
• Red Hat Enterprise Linux Workstation 3 ia64
• Red Hat Enterprise Linux Workstation 3 i386
• Red Hat Enterprise Linux Desktop 3 x86_64
• Red Hat Enterprise Linux Desktop 3 i386
• Red Hat Enterprise Linux for IBM z Systems 3 s390x
• Red Hat Enterprise Linux for IBM z Systems 3 s390
• Red Hat Enterprise Linux for Power, big endian 3 ppc

Fixes

• BZ - 103415 - Weird string in date printing
• BZ - 116428 - RHEL3 U4: statfs64
• BZ - 118574 - malloc exhausts memory to fast in mulithreaded program
• BZ - 123583 - getnameinfo does not use /etc/hosts for lookup of V4MAPPED addresses
• BZ - 127606 - __builtin_expect's prototype does not expect int args; assert feeds it just that
• BZ - 130254 - glibc's traceback() fails when called from an exception handler
• BZ - 132204 - glibc-nis-performance.patch causes gdm to hang
• BZ - 132654 - LTC10984 - 1.3.1 Linux JVM hanging on RedHat EL 3 update 3
• BZ - 132816 - glibc in RHEL 3 needs to have syslog.c updated to cvs version 1.42
• BZ - 135234 - Problem with gethostbyaddr with latest UDP
• BZ - 136318 - CAN-2004-0968 temporary file vulnerabilities in catchsegv script
• BZ - 136726 - RHEL3 U5: execvp fails if ENODEV encountered during PATH search

CVEs

• CVE-2004-0968

References

(none)