Sicherheit: Mehrere Probleme in GNU C library

Lesezeichen hinzufügen

Name : glibc
Product : Fedora 24
Version : 2.23.1
Release : 7.fc24
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

-------------------------------------------------------------------------------
-
Update Information:

This update contains minor security fixes (for CVE-2016-3075, CVE-2016-3706,
and
CVE-2016-1234) and collects fixes for bugs encountered by Fedora users.
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1334289 - glibc: ldconfig -X should not remove stale symbolic
links
https://bugzilla.redhat.com/show_bug.cgi?id=1334289
[ 2 ] Bug #1315648 - CVE-2016-1234 glibc: Stack-based buffer overflow in glob
with GLOB_ALTDIRFUNC and crafted directory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1315648
[ 3 ] Bug #1307234 - strfmon_l does not group digits.
https://bugzilla.redhat.com/show_bug.cgi?id=1307234
[ 4 ] Bug #1313404 - Test suite failure: elf/tst-audit10 and elf/tst-audit4
https://bugzilla.redhat.com/show_bug.cgi?id=1313404
[ 5 ] Bug #1332914 - glibc: Backport nss_dns hardening patches
https://bugzilla.redhat.com/show_bug.cgi?id=1332914
[ 6 ] Bug #1316972 - glibc: NULL pointer dereference in stub resolver with
unconnectable name server addresses
https://bugzilla.redhat.com/show_bug.cgi?id=1316972
[ 7 ] Bug #1321954 - CVE-2016-3075 glibc: Stack overflow in
nss_dns_getnetbyname_r [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1321954
[ 8 ] Bug #1332917 - glibc: Deadlock between fflush, getdelim, and fork
https://bugzilla.redhat.com/show_bug.cgi?id=1332917
[ 9 ] Bug #1332912 - glibc: nss_hesiod: Heap overflow in get_txt_records
https://bugzilla.redhat.com/show_bug.cgi?id=1332912
[ 10 ] Bug #1333901 - glibc: getnameinfo: fix memory leak and incorrect
truncation checks
https://bugzilla.redhat.com/show_bug.cgi?id=1333901
[ 11 ] Bug #1321861 - glibc: "getent group" listing using nss_db
fails when entries are long
https://bugzilla.redhat.com/show_bug.cgi?id=1321861
[ 12 ] Bug #1321372 - Incorrect first day of the week for es_CL locale
https://bugzilla.redhat.com/show_bug.cgi?id=1321372
[ 13 ] Bug #1335011 - dlsym (RTLD_NEXT)/dlerror fix breaks Adress Sanitizer
(ASAN)
https://bugzilla.redhat.com/show_bug.cgi?id=1335011
[ 14 ] Bug #1330888 - CVE-2016-3706 glibc: stack (frame) overflow in
getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458) [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1330888
[ 15 ] Bug #1282011 - first_weekday wrong for hr_HR locale
https://bugzilla.redhat.com/show_bug.cgi?id=1282011
[ 16 ] Bug #1204521 - fr_CH LC_TIME has wrong first day of week
https://bugzilla.redhat.com/show_bug.cgi?id=1204521
-------------------------------------------------------------------------------
-

This update can be installed with the "yum" update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to "Managing Software with yum",
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org