glibc-2.5-118.2.0.1.AXS3

The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function.

Security issues fixed with this release:

• CVE-2013-4332
Multiple integer overflows in malloc/malloc.c in the GNU C Library (aka glibc or libc6) 2.18 and earlier allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the (1) pvalloc, (2) valloc, (3) posix_memalign, (4) memalign, or (5) aligned_alloc functions.

Fixed bugs:

• Previously, the L3 cache size of some CPUs for SMP server was sometimes not correctly detected. This lead to non-optimal performance and has been fixed.

• Added locking to compat_call() function to prevent multiple threads from racing.

• Previously, glibc could sometimes terminate unexpectedly with a segmentation fault when attempting to use one dynamically-loaded character conversion routine. This has been fixed.

• The ftell() function was fixed to correctly set the internal FILE offset field for wide characters. The ftell() and fseek() functions now handle offsets for wide characters correctly.

• A previous fix to prevent logic errors in mathematical functions caused performance regression for certain inputs. This has been fixed.

• The nscd daemon no longer cache DNS entries with a TTL of zero and lookups for those entries return the correct and current results.

• Applications running under low-memory conditions no longer terminate unexpectedly while calling localization routines and now report errors if working in low-memory conditions.