| Description: | This glibc update fixes a critical privilege escalation problem and thefollowing security and non-security issues: * bnc#892073: An off-by-one error leading to a heap-based buffer overflow was found in __gconv_translit_find(). An exploit thattargets the problem is publicly available. (CVE-2014-5119) * bnc#882600: Copy filename argument in posix_spawn_file_actions_addopen. (CVE-2014-4043) * bnc#860501: Use O_LARGEFILE for utmp file. * bnc#842291: Fix typo in glibc-2.5-dlopen-lookup-race.diff. * bnc#839870: Fix integer overflows in malloc. (CVE-2013-4332) * bnc#834594: Fix readdir_r with long file names. (CVE-2013-4237) * bnc#824639: Drop lock before calling malloc_printerr. * bnc#801246: Fix buffer overrun in regexp matcher. (CVE-2013-0242) * bnc#779320: Fix buffer overflow in strcoll. (CVE-2012-4412) * bnc#894556 / bnc#894553: Fix crashes on invalid input in IBM gconv modules. (CVE-2014-6040, CVE-2012-6656, bnc#894553, bnc#894556, BZ#17325, BZ#14134)Security Issues: * CVE-2014-5119 * CVE-2014-4043 * CVE-2013-4332 * CVE-2013-4237 * CVE-2013-0242 * CVE-2012-4412 |