[SECURITY] Fedora 16 Update: glibc-2.14.90-24.fc16.6

updates at fedoraproject.org
Sat Feb 25 08:36:01 UTC 2012


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2012-2162
2012-02-22 01:38:51
--------------------------------------------------------------------------------

Name        : glibc
Product     : Fedora 16
Version     : 2.14.90
Release     : 24.fc16.6
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

Avoid "nargs" integer overflow which can be used to bypass FORTIFY_SOURCE protections.

Revert changes for 552960, they're still causing problems.
--------------------------------------------------------------------------------
ChangeLog:

* Mon Feb 20 2012 Jeff Law <law at redhat.com> - 2.14.90-24.fc16.6
- Avoid "nargs" integer overflow which could be used to bypass FORTIFY_SOURCE (#794797)
  - Disable 552960/769421 patches again, they're still not right.
* Fri Feb 10 2012 Jeff Law <law at redhat.com> - 2.14.90-24.fc16.5
- Fix lost wakeups in pthread_cond_*.  (#552960, #769421)
  - Define x86_64 feraiseexcept inline only under __USE_EXTERN_INLINES (#769993).
* Thu Dec 22 2011 Jeff Law <law at redhat.com> - 2.14.90-24.fc16.4
- Revert change for 552960, it's causing multiple problems.
* Sun Dec 18 2011 Jeff Law <law at redhat.com> - 2.14.90-24.fc16.3
- Check values from TZ file header (#767696)
  - Handle EAGAIN from FUTEX_WAIT_REQUEUE_PI (#552960)
  - Add {dist}.#
  - Correct return value from pthread_create when stack allocation fails.
    (#767746)
* Wed Dec  7 2011 Jeff Law <law at redhat.com> - 2.14.90-23
- Fix a wrong constant in powerpc hypot implementation (#750811)
  - Truncate time values in Linux futimes when falling back to utime
* Mon Dec  5 2011 Jeff Law <law at redhat.com> - 2.14.90-22
- Mark fortified __FD_ELT as extension (#761021)
  - Fix typo in manual (#708455)
* Wed Nov 30 2011 Jeff Law <law at redhat.com> - 2.14.90-21
- Don't fail in makedb if SELinux is disabled (#750858)
  - Fix access after end of search string in regex matcher (#757887)
* Mon Nov 28 2011 Jeff Law <law at redhat.com> - 2.14.90-20
- Drop lock before calling malloc_printerr (#757881)
* Fri Nov 18 2011 Jeff Law <law at redhat.com> - 2.14.90-19
- Check malloc arena atomically  (BZ#13071)
  - Don't call reused_arena when _int_new_arena failed (#753601)
* Wed Nov 16 2011 Jeff Law <law at redhat.com> - 2.14.90-18
- Fix grouping and reuse other locales in various locales (BZ#13147)
* Tue Nov 15 2011 Jeff Law <law at redhat.com> - 2.14.90-17
- Revert bogus commits/rebasing of Nov 14, Nov 11 and Nov 8.  Sources
  should be equivalent to Fedora 16's initial release.
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.14.90-15
- Rebuilt for glibc bug#747377
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #794797 - CVE-2012-0864 glibc: F_S format string protection bypass via "nargs" integer overflow [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=794797
--------------------------------------------------------------------------------

This update can be installed with the "yum" update program.  Use 
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

