[SECURITY] Fedora 18 Update: glibc-2.16-30.fc18

updates at fedoraproject.org updates at fedoraproject.org
Sat Mar 30 21:30:28 UTC 2013 

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2013-4100
2013-03-20 20:46:57
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 18
Version     : 2.16
Release     : 30.fc18
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

Fix multibyte character processing crash in regexp (CVE-2013-0242). Fix ownership of /usr/lib[64]/audit (#894307). Rename release engineering directory to `releng' (#903754).
--------------------------------------------------------------------------------
ChangeLog:

* Sun Mar 17 2013 Carlos O'Donell <carlos at redhat.com> - 2.16-30
- Fix ownership of /usr/lib[64]/audit (#894307).
  - Rename release engineering directory to `releng' (#903754).
  - Fix multibyte character processing crash in regexp (#905874, #905877, CVE-2013-0242)
* Wed Dec 26 2012 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.16-29
Fix sparc build with older compilers. (#890035)
* Mon Dec 10 2012 Patsy Franklin <pfrankli at redhat.com> - 2.16-28
- Backport fix for nss_db crash when db contains exactly one entry.(#878913)
* Fri Dec  7 2012 Patsy Franklin <pfrankli at redhat.com> - 2.16-27
- Backport crypto support from upstream. (#811753)
* Thu Dec  6 2012 Siddhesh Poyarekar <siddhesh at redhat.com> - 2.16-26
- use uint64_t for __bswap64 (#859428).
* Wed Nov 28 2012 Patsy Franklin <pfrankli at redhat.com> - 2.16-25
- Backport of upstream BZ #5298. Don't flush buffer for ftell.
    Compute offsets from write pointers instead.  (#577950)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #905874 - CVE-2013-0242 glibc: Buffer overrun (DoS) in regexp matcher by processing multibyte characters
        https://bugzilla.redhat.com/show_bug.cgi?id=905874
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

More information about the package-announce mailing list