| Description: | This collective update for the GNU C library (glibc)provides the following fixes and enhancements:Security issues fixed: - Fix stack overflow in getaddrinfowith many results. (bnc#813121, CVE-2013-1914) - Fixedanother stack overflow in getaddrinfo with many results(bnc#828637) - Fix buffer overflow in glob. (bnc#691365)(CVE-2010-4756) - Fix array overflow in floating pointparser [bnc#775690] (CVE-2012-3480) - Fix strtodinteger/buffer overflows [bnc#775690] (CVE-2012-3480) -Make addmntent return errors also for cached streams. [bnc#676178, CVE-2011-1089] - Fix overflows in vfprintf. [bnc#770891, CVE 2012-3406] - Add vfprintf-nargs.diff forpossible format string overflow. [bnc #747768,CVE-2012-0864] - Check values from file header in__tzfile_read. [bnc #735850, CVE-2009-5029]Also several bugs were fixed: - Fix locking in _IO_cleanup.(bnc#796982) - Fix memory leak in execve. (bnc#805899) -Fix nscd timestamps in logging (bnc#783196) - Fix perlscript error message (bnc#774467) - Fall back to localhostif no nameserver defined (bnc#818630) - Fix incompleteresults from nscd. [bnc #753756] - Fix a deadlock in dlsymin case the symbol isn't found, for multithreadedprograms. [bnc #760216] - Fix problem with TLS and dlopen.[#732110] - Backported regex fix for skipping of validEUC-JP matches [bnc#743689] - Fixed false regex match onincomplete chars in EUC-JP [bnc#743689] - Addglibc-pmap-timeout.diff in order to fix useless connectionattempts to NFS servers. [bnc #661460] |