SUSE-SU-2013:1287-1: moderate: Security update for glibc

sle-security-updates at lists.suse.com
Thu Aug 1 07:04:11 MDT 2013


   SUSE Security Update: Security update for glibc
______________________________________________________________________________

Announcement ID:    SUSE-SU-2013:1287-1
Rating:             moderate
References:         #661460 #676178 #691365 #732110 #735850 #743689 
                    #747768 #753756 #760216 #770891 #774467 #775690 
                    #783196 #796982 #805899 #813121 #818630 #828637 
                    
Cross-References:   CVE-2009-5029 CVE-2010-4756 CVE-2011-1089
                    CVE-2012-0864 CVE-2012-3480 CVE-2013-1914
                   
Affected Products:
                    SUSE Linux Enterprise Server 10 SP3 LTSS
______________________________________________________________________________

   An update that solves 6 vulnerabilities and has 12 fixes is
   now available.

Description:


   This collective update for the GNU C library (glibc)
   provides the following fixes and enhancements:

   Security issues fixed:

   - Fix stack overflow in getaddrinfo with many results.
     (bnc#813121, CVE-2013-1914)
   - Fixed another stack overflow in getaddrinfo with many results
     (bnc#828637)
   - Fix buffer overflow in glob. (bnc#691365) (CVE-2010-4756)
   - Fix array overflow in floating point parser [bnc#775690]
     (CVE-2012-3480)
   - Fix strtod integer/buffer overflows [bnc#775690] (CVE-2012-3480)
   - Make addmntent return errors also for cached streams.
     [bnc #676178, CVE-2011-1089]
   - Fix overflows in vfprintf. [bnc #770891, CVE-2012-3406]
   - Add vfprintf-nargs.diff for possible format string overflow.
     [bnc #747768, CVE-2012-0864]
   - Check values from file header in __tzfile_read.
     [bnc #735850, CVE-2009-5029]

   Also several bugs were fixed:

   - Fix locking in _IO_cleanup. (bnc#796982)
   - Fix memory leak in execve. (bnc#805899)
   - Fix nscd timestamps in logging (bnc#783196)
   - Fix perl script error message (bnc#774467)
   - Fall back to localhost if no nameserver defined (bnc#818630)
   - Fix incomplete results from nscd. [bnc #753756]
   - Fix a deadlock in dlsym in case the symbol isn't found, for
     multithreaded programs. [bnc #760216]
   - Fix problem with TLS and dlopen. [#732110]
   - Backported regex fix for skipping of valid EUC-JP matches
     [bnc#743689]
   - Fixed false regex match on incomplete chars in EUC-JP
     [bnc#743689]
   - Add glibc-pmap-timeout.diff in order to fix useless connection
     attempts to NFS servers. [bnc #661460]

   Security Issues:

   * CVE-2009-5029
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-5029>
   * CVE-2010-4756
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4756>
   * CVE-2011-1089
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1089>
   * CVE-2012-0864
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0864>
   * CVE-2012-3480
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3480>
   * CVE-2013-1914
     <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1914>



Package List:

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 i686 s390x x86_64):

      glibc-2.4-31.77.102.1
      glibc-devel-2.4-31.77.102.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (i586 s390x x86_64):

      glibc-html-2.4-31.77.102.1
      glibc-i18ndata-2.4-31.77.102.1
      glibc-info-2.4-31.77.102.1
      glibc-locale-2.4-31.77.102.1
      glibc-profile-2.4-31.77.102.1
      nscd-2.4-31.77.102.1

   - SUSE Linux Enterprise Server 10 SP3 LTSS (s390x x86_64):

      glibc-32bit-2.4-31.77.102.1
      glibc-devel-32bit-2.4-31.77.102.1
      glibc-locale-32bit-2.4-31.77.102.1
      glibc-profile-32bit-2.4-31.77.102.1


References:

   http://support.novell.com/security/cve/CVE-2009-5029.html
   http://support.novell.com/security/cve/CVE-2010-4756.html
   http://support.novell.com/security/cve/CVE-2011-1089.html
   http://support.novell.com/security/cve/CVE-2012-0864.html
   http://support.novell.com/security/cve/CVE-2012-3480.html
   http://support.novell.com/security/cve/CVE-2013-1914.html
   https://bugzilla.novell.com/661460
   https://bugzilla.novell.com/676178
   https://bugzilla.novell.com/691365
   https://bugzilla.novell.com/732110
   https://bugzilla.novell.com/735850
   https://bugzilla.novell.com/743689
   https://bugzilla.novell.com/747768
   https://bugzilla.novell.com/753756
   https://bugzilla.novell.com/760216
   https://bugzilla.novell.com/770891
   https://bugzilla.novell.com/774467
   https://bugzilla.novell.com/775690
   https://bugzilla.novell.com/783196
   https://bugzilla.novell.com/796982
   https://bugzilla.novell.com/805899
   https://bugzilla.novell.com/813121
   https://bugzilla.novell.com/818630
   https://bugzilla.novell.com/828637
   http://download.novell.com/patch/finder/?keywords=17c15337eaf4f28f28cdc9f9d3d731ec


