-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2016-68abc0be35 2016-05-10 11:45:44.966689 --------------------------------------------------------------------------------
Name : glibc Product : Fedora 23 Version : 2.22 Release : 15.fc23 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.
-------------------------------------------------------------------------------- Update Information:
This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes for bugs encountered by Fedora users. -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1316972 - glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses https://bugzilla.redhat.com/show_bug.cgi?id=1316972 [ 2 ] Bug #1321861 - glibc: "getent group" listing using nss_db fails when entries are long https://bugzilla.redhat.com/show_bug.cgi?id=1321861 [ 3 ] Bug #1313404 - Test suite failure: elf/tst-audit10 and elf/tst-audit4 https://bugzilla.redhat.com/show_bug.cgi?id=1313404 [ 4 ] Bug #1332914 - glibc: Backport nss_dns hardening patches https://bugzilla.redhat.com/show_bug.cgi?id=1332914 [ 5 ] Bug #1321954 - CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1321954 [ 6 ] Bug #1332912 - glibc: nss_hesiod: Heap overflow in get_txt_records https://bugzilla.redhat.com/show_bug.cgi?id=1332912 [ 7 ] Bug #1333940 - glibc: Avoid build failure in TZ tests https://bugzilla.redhat.com/show_bug.cgi?id=1333940 [ 8 ] Bug #1332917 - glibc: Deadlock between fflush, getdelim, and fork https://bugzilla.redhat.com/show_bug.cgi?id=1332917 [ 9 ] Bug #1333945 - glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a non-existent symbol https://bugzilla.redhat.com/show_bug.cgi?id=1333945 [ 10 ] Bug #1315648 - CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1315648 [ 11 ] Bug #1333901 - glibc: getnameinfo: fix memory leak and incorrect truncation checks https://bugzilla.redhat.com/show_bug.cgi?id=1333901 [ 12 ] Bug #1288740 - glibc: tst-makecontext fails on armhfp https://bugzilla.redhat.com/show_bug.cgi?id=1288740 [ 13 ] Bug #1307234 - strfmon_l does not group digits. https://bugzilla.redhat.com/show_bug.cgi?id=1307234 [ 14 ] Bug #1300304 - CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300304 [ 15 ] Bug #1300300 - CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300300 [ 16 ] Bug #1293139 - Invalid memory access in getmntent_r() https://bugzilla.redhat.com/show_bug.cgi?id=1293139 [ 17 ] Bug #1300311 - CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300311 [ 18 ] Bug #1300314 - CVE-2015-8779 glibc: Unbounded stack allocation in catopen function [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1300314 [ 19 ] Bug #1321372 - Incorrect first day of the week for es_CL locale https://bugzilla.redhat.com/show_bug.cgi?id=1321372 --------------------------------------------------------------------------------
This update can be installed with the "yum" update program. Use su -c 'yum update glibc' at the command line. For more information, refer to "Managing Software with yum", available at https://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
package-announce@lists.fedoraproject.org