4.56. glibc

Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5.
The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
The glibc packages contain the standard C libraries used by multiple programs on the system. These packages contain the standard C and the standard math libraries. Without these two libraries, a Linux system cannot function properly.

Security Fixes

CVE-2009-5029
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully-crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
CVE-2009-5064
A flaw was found in the way the ldd utility identified dynamically linked libraries. If an attacker could trick a user into running ldd on a malicious binary, it could result in arbitrary code execution with the privileges of the user running ldd.
CVE-2010-0830
An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library loaded ELF (Executable and Linking Format) files. If a carefully-crafted ELF file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
CVE-2011-1089
It was found that the glibc addmntent() function, used by various mount helper utilities, did not handle certain errors correctly when updating the mtab (mounted file systems table) file. If such utilities had the setuid bit set, a local attacker could use this flaw to corrupt the mtab file.
CVE-2011-4609
A denial of service flaw was found in the remote procedure call (RPC) implementation in glibc. A remote attacker able to open a large number of connections to an RPC service that is using the RPC implementation from glibc, could use this flaw to make that service use an excessive amount of CPU time.
Red Hat would like to thank the Ubuntu Security Team for reporting CVE-2010-0830, and Dan Rosenberg for reporting CVE-2011-1089. The Ubuntu Security Team acknowledges Dan Rosenberg as the original reporter of CVE-2010-0830.
Users should upgrade to these updated packages, which resolve these issues.
Updated glibc packages that fix one bug are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function properly.

Bug Fix

BZ#745487
Previously, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. Initialization routines for depended-upon objects were not being called before the objects, which depended on them, were being initialized. This manifested itself only when initializing compiled C++ libraries whose global initialization depended upon the global initialization of data in other libraries which they were linked against at link time, generating a DT_NEEDED entry. With this update, implementation of the topological sort algorithm for dependency resolution has been fixed, and functions for initialization and termination are now ordered correctly.
All users are advised to upgrade to these updated packages, which fix this bug.
Updated glibc packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.
The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Bug Fixes

BZ#585433
Priviously, glibc incorrectly computed the amount of memory needed by strcoll_l and strxfrm functions. As a consequence, a stack overflow could occur, especially in multi-threaded applications with small stack sizes. This update fixes the memory usage computations and avoids the stack overflows.
BZ#657570
Prior to this update, glibc used an incorrect matching algorithm in the strptime function. As a result, strptime could misparse months in certain locales including Polish and Vietnamese. This update corrects the matching algorithm in strptime.
BZ#675259
Priviously, the glibc locale information was wrong for certain French, Spanish and German locales. As a result, incorrect numeric output could be reported. This update corrects the information.
BZ#678318
Prior to this update, nss_nis client code in glibc attempted to read the passwd.adjunct table for certain usernames. This typically required more privileges than a normal user has and thus errors were logged on the The Network Information Service (NIS) server. This update changes glibc to only refer to passwd.adjunct when it is actually necessary.
BZ#711924
Priviously, the dl_debug_state RT_CONSISTENT incorrectly occurred before applying dynamic relocations. As a result, debugging tools could not correctly monitor this call. This update adds systemtap-probes at a superset of the locations where the dl_debug_state was called.
BZ#711531
Prior to this update, glibc did not initialize the robust futex list after a fork. As a result, shared robust mutexes were not cleaned up when the child exited. This update ensures that the robust futex list is correctly initialized after a fork system call.
BZ#707998
Prior to this update, glibc returned incorrect error codes from the pthread_create. This could lead some programs to incorrectly issue an error for a transient failure, such as a temporary out of memory condition. This update ensures glibc returns the correct error code when memory allocation fails in pthread_create.
BZ#706894
Prior to this update, the system configuration option _SC_NPROCESSORS_CONF returned the total number of active processors configured rather than the total number of configured processors. This update changes glibc to query system configurations to get the number of configured processors correctly.
BZ#703345
Prior to this update, getpwent could incorrectly query NIS when using the nss_compat option. This could lead to incorrect results (missing entries) for calls to getpwent. This update changes glibc to only query the NIS domain when needed.
BZ#729661
Prior to this update, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed
BZ#756453
Prior to this update, the libresolv routines were not compiled with the stack protector enabled. As a consequence, a buffer overflow attack vector could occur if the libresolv routines had potential stack overflows. This update turns on the stack protector mechanisms for libresolv.
BZ#758252
Prior to this update, the futimes function rounded values rather than truncate them. As a consequence, file modification, access, or creation times could be incorrect. This update correctly truncates values and gives the correct file modification, access & creation times.
All users of glibc are advised to upgrade to these updated packages, which fix these bugs.