Issued:
2012-02-20
Updated:
2012-02-20

RHBA-2012:0260 - glibc bug fix update

Synopsis

glibc bug fix update

Type/Severity

Bug Fix Advisory (none)

Topic

Updated glibc packages that fix multiple bugs are now available for Red Hat Enterprise Linux 5.

Description

The glibc packages provide the standard C and standard math libraries used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

This update fixes the following bugs:

  • Priviously, glibc incorrectly computed the amount of memory needed by strcoll_l and strxfrm functions. As a consequence, a stack overflow could occur, especially in multi-threaded applications with small stack sizes. This update fixes the memory usage computations and avoids the stack overflows. (BZ#585433)

  • Prior to this update, glibc used an incorrect matching algorithm in the strptime function. As a result, strptime could misparse months in certain locales including Polish and Vietnamese. This update corrects the matching algorithm in strptime. (BZ#657570)

  • Priviously, the glibc locale information was wrong for certain French, Spanish and German locales. As a result, incorrect numeric output could be reported. This update corrects the information. (BZ#675259)

  • Prior to this update, nss_nis client code in glibc attempted to read the passwd.adjunct table for certain usernames. This typically required more privileges than a normal user has and thus errors were logged on the The Network Information Service (NIS) server. This update changes glibc to only refer to passwd.adjunct when it is actually necessary. (BZ#678318)

  • Priviously, the dl_debug_state RT_CONSISTENT incorrectly occurred before applying dynamic relocations. As a result, debugging tools could not correctly monitor this call. This update adds systemtap-probes at a superset of the locations where the dl_debug_state was called. (BZ#711924)

  • Prior to this update, glibc did not initialize the robust futex list after a fork. As a result, shared robust mutexes were not cleaned up when the child exited. This update ensures that the robust futex list is correctly initialized after a fork system call. (BZ#711531)

  • Prior to this update, glibc returned incorrect error codes from the pthread_create. This could lead some programs to incorrectly issue an error for a transient failure, such as a temporary out of memory condition. This update ensures glibc returns the correct error code when memory allocation fails in pthread_create. (BZ#707998)

  • Prior to this update, the system configuration option _SC_NPROCESSORS_CONF returned the total number of active processors configured rather than the total number of configured processors. This update changes glibc to query system configurations to get the number of configured processors correctly. (BZ#706894)

  • Prior to this update, getpwent could incorrectly query NIS when using the nss_compat option. This could lead to incorrect results (missing entries) for calls to getpwent. This update changes glibc to only query the NIS domain when needed. (BZ#703345)

  • Prior to this update, the dynamic loader generated an incorrect ordering for initialization according to the ELF specification. This could result in incorrect ordering of DSO constructors and destructors. With this update, dependency resolution has been fixed(BZ#729661)

  • Prior to this update, the libresolv routines were not compiled with the stack protector enabled. As a consequence, a buffer overflow attack vector could occur if the libresolv routines had potential stack overflows. This update turns on the stack protector mechanisms for libresolv. (BZ#756453)

  • Prior to this update, the futimes function rounded values rather than truncate them. As a consequence, file modification, access, or creation times could be incorrect. This update correctly truncates values and gives the correct file modification, access & creation times. (BZ#758252)

All users of glibc are advised to upgrade to these updated packages, which fix these bugs.

Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at This content is not included.https://access.redhat.com/kb/docs/DOC-11259

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for Power, big endian5ppc
Red Hat Enterprise Linux for IBM z Systems5s390x
Red Hat Enterprise Linux Workstation5x86_64
Red Hat Enterprise Linux Workstation5i386
Red Hat Enterprise Linux Server5x86_64
Red Hat Enterprise Linux Server5ia64
Red Hat Enterprise Linux Server5i386
Red Hat Enterprise Linux Server from RHUI5x86_64
Red Hat Enterprise Linux Server from RHUI5i386
Red Hat Enterprise Linux Desktop5x86_64
Red Hat Enterprise Linux Desktop5i386

Updated Packages

  • glibc-devel-2.5-81.i386.rpm
  • glibc-devel-2.5-81.s390.rpm
  • glibc-2.5-81.ppc64.rpm
  • glibc-common-2.5-81.x86_64.rpm
  • glibc-utils-2.5-81.s390x.rpm
  • glibc-headers-2.5-81.ppc.rpm
  • glibc-2.5-81.ia64.rpm
  • nscd-2.5-81.s390x.rpm
  • glibc-2.5-81.i686.rpm
  • glibc-devel-2.5-81.ppc64.rpm
  • glibc-utils-2.5-81.ppc.rpm
  • nscd-2.5-81.i386.rpm
  • glibc-devel-2.5-81.s390x.rpm
  • glibc-common-2.5-81.s390x.rpm
  • nscd-2.5-81.ia64.rpm
  • glibc-2.5-81.s390x.rpm
  • glibc-headers-2.5-81.x86_64.rpm
  • glibc-headers-2.5-81.ia64.rpm
  • glibc-devel-2.5-81.x86_64.rpm
  • glibc-utils-2.5-81.i386.rpm
  • glibc-utils-2.5-81.x86_64.rpm
  • glibc-2.5-81.ppc.rpm
  • glibc-common-2.5-81.ppc.rpm
  • glibc-headers-2.5-81.i386.rpm
  • glibc-devel-2.5-81.ia64.rpm
  • glibc-2.5-81.x86_64.rpm
  • glibc-2.5-81.i386.rpm
  • nscd-2.5-81.ppc.rpm
  • glibc-2.5-81.s390.rpm
  • glibc-common-2.5-81.i386.rpm
  • glibc-utils-2.5-81.ia64.rpm
  • glibc-devel-2.5-81.ppc.rpm
  • nscd-2.5-81.x86_64.rpm
  • glibc-headers-2.5-81.s390x.rpm
  • glibc-2.5-81.src.rpm
  • glibc-common-2.5-81.ia64.rpm

Fixes

CVEs

(none)

References

(none)

Additional information