glibc-2.17-106.el7.4
エラータID: AXSA:2016-096:01
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.
Security issues fixed with this release:
CVE-2015-5229
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
CVE-2015-7547
** RESERVED **
This candidate has been reserved by an organization or individual that
will use it when announcing a new security problem. When the
candidate has been publicized, the details for this candidate will be
provided.
Fixed bugs:
* The existing implementation of the "free" function causes all memory pools beyond the first to return freed memory directly to the operating system as quickly as possible. This can result in performance degradation when the rate of free calls is very high. The first memory pool (the main pool) does provide a method to rate limit the returns via M_TRIM_THRESHOLD, but this method is not available to subsequent memory pools.
* On the little-endian variant of 64-bit IBM Power Systems (ppc64le), a bug in the dynamic loader could cause applications compiled with profiling enabled to fail to start with the error "monstartup: out of memory". The bug has been corrected and applications compiled for profiling now start correctly.
Update packages.
The calloc function in the glibc package in Red Hat Enterprise Linux (RHEL) 6.7 and 7.2 does not properly initialize memory areas, which might allow context-dependent attackers to cause a denial of service (hang or crash) via unspecified vectors.
Multiple stack-based buffer overflows in the (1) send_dg and (2) send_vc functions in the libresolv library in the GNU C Library (aka glibc or libc6) before 2.23 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted DNS response that triggers a call to the getaddrinfo function with the AF_UNSPEC or AF_INET6 address family, related to performing "dual A/AAAA DNS queries" and the libnss_dns.so.2 NSS module.
N/A
SRPMS
- glibc-2.17-106.el7.4.src.rpm
MD5: 1e51d57106294c0c34640e56cef49dc6
SHA-256: 69d72fb2f196d0c47c6d24d864ec53e89d055d6248fa1f1dccf187ec5964c076
Size: 23.09 MB
Asianux Server 7 for x86_64
- glibc-2.17-106.el7.4.x86_64.rpm
MD5: 72b7cb92e034778ab269057de0355d09
SHA-256: 00a208dc52e3268b9a6654e5c4d5a3fd5ac3f9bcf209684613398d86b2a7bfca
Size: 3.58 MB - glibc-common-2.17-106.el7.4.x86_64.rpm
MD5: 77f49e6ae6db29d10cbc6dad003a3d37
SHA-256: 1bfd2cd7229ef5a2981abffc5a9a7007e170c034203b95f4d8cc43ac1b4fdb44
Size: 11.47 MB - glibc-devel-2.17-106.el7.4.x86_64.rpm
MD5: e61acffe15e292d9c6fc328db82ea1d3
SHA-256: e5290a0599761203e8dc22a008476dfbc67742441cd52ce7b0124e4a61b4b57c
Size: 1.05 MB - glibc-headers-2.17-106.el7.4.x86_64.rpm
MD5: 779fda5409888fa681adea120ca3c84d
SHA-256: 8a4416c53ef04429930192039f875293f5ceaefbc044df5e776c8cd3831a67a7
Size: 660.66 kB - glibc-utils-2.17-106.el7.4.x86_64.rpm
MD5: 052258044e637902d614d62daf5a2b35
SHA-256: 22cc47123eb5f9e33cf5884f42f564ebeb08d58b2fd5f587b5b429bd57160353
Size: 201.31 kB - nscd-2.17-106.el7.4.x86_64.rpm
MD5: aa1fe46c3ab76b2859fb469db9edc3c3
SHA-256: 5611ae4811d448b1e50e10624e4cda03b870331543a6cec42330ca4bd4570ba8
Size: 259.81 kB - glibc-2.17-106.el7.4.i686.rpm
MD5: 10faa6f00d765c196737ce74fc1f1545
SHA-256: 4fd70b64a400f5c68ef7b20cb303b5e71a404691e28b39411cadc0c41b68d36e
Size: 4.18 MB - glibc-devel-2.17-106.el7.4.i686.rpm
MD5: 842e4486191ef2f7a2c2a6a3b8f17927
SHA-256: b2546dfeb19ed06bf5b2d9cf6ceb5524d0aba15dd44ae96d177ce6e47a58c68f
Size: 1.05 MB
日本語