| Description: | The glibc packages contain the standard C libraries used by multipleprograms on the system. These packages contain the standard C and thestandard math libraries. Without these two libraries, a Linux systemcannot function properly.A flaw was found in the way the ldd utility identified dynamically linkedlibraries. If an attacker could trick a user into running ldd on amalicious binary, it could result in arbitrary code execution with theprivileges of the user running ldd. (CVE-2009-5064)It was found that the glibc addmntent() function, used by various mounthelper utilities, did not handle certain errors correctly when updating themtab (mounted file systems table) file. If such utilities had the setuidbit set, a local attacker could use this flaw to corrupt the mtab file.(CVE-2011-1089)Red Hat would like to thank Dan Rosenberg for reporting the CVE-2011-1089issue.This update also fixes several bugs and adds various enhancements.Documentation for these bug fixes and enhancements will be availableshortly from the Technical Notes document, linked to in the Referencessection.Users are advised to upgrade to these updated glibc packages, which containbackported patches to resolve these issues and add these enhancements. |