glibc (SL5)

By Scientific Linux Team on April 25, 2013

Synopsis: Low: glibc security and bug fix update
Advisory ID: SLSA-2013:0769-1
Issue Date: 2013-04-24
CVE Numbers: CVE-2013-0242
CVE-2013-1914

It was found that getaddrinfo() did not limit the amount of stack memory
used during name resolution. An attacker able to make an application
resolve an attacker-controlled hostname or IP address could possibly cause
the application to exhaust all stack memory and crash. (CVE-2013-1914)

A flaw was found in the regular expression matching routines that process
multibyte character input. If an application utilized the glibc regular
expression matching mechanism, an attacker could provide specially-crafted
input that, when processed, would cause the application to crash.
(CVE-2013-0242)

This update also fixes the following bugs:

* The improvements made in a previous update to the accuracy of floating point
functions in the math library caused performance regressions for those
functions. The performance regressions were analyzed and a fix was applied
that retains the current accuracy but reduces the performance penalty to
acceptable levels.

* It was possible that a memory location freed by the localization code
could be accessed immediately after, resulting in a crash. The fix ensures
that the application does not crash by avoiding the invalid memory access.

SL5
x86_64
glibc-2.5-107.el5_9.4.i686.rpm
glibc-2.5-107.el5_9.4.x86_64.rpm
glibc-common-2.5-107.el5_9.4.x86_64.rpm
glibc-debuginfo-2.5-107.el5_9.4.i386.rpm
glibc-debuginfo-2.5-107.el5_9.4.i686.rpm
glibc-debuginfo-2.5-107.el5_9.4.x86_64.rpm
glibc-debuginfo-common-2.5-107.el5_9.4.i386.rpm
glibc-devel-2.5-107.el5_9.4.i386.rpm
glibc-devel-2.5-107.el5_9.4.x86_64.rpm
glibc-headers-2.5-107.el5_9.4.x86_64.rpm
glibc-utils-2.5-107.el5_9.4.x86_64.rpm
nscd-2.5-107.el5_9.4.x86_64.rpm
i386
glibc-2.5-107.el5_9.4.i386.rpm
glibc-2.5-107.el5_9.4.i686.rpm
glibc-common-2.5-107.el5_9.4.i386.rpm
glibc-debuginfo-2.5-107.el5_9.4.i386.rpm
glibc-debuginfo-2.5-107.el5_9.4.i686.rpm
glibc-debuginfo-common-2.5-107.el5_9.4.i386.rpm
glibc-devel-2.5-107.el5_9.4.i386.rpm
glibc-headers-2.5-107.el5_9.4.i386.rpm
glibc-utils-2.5-107.el5_9.4.i386.rpm
nscd-2.5-107.el5_9.4.i386.rpm

– Scientific Linux Development Team