SCIENTIFIC-LINUX-USERS Archives

April 2011

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Troy Dawson <[log in to unmask]>
Reply To:
Troy Dawson <[log in to unmask]>
Date:
Tue, 12 Apr 2011 15:51:24 -0500
Hello,
There was a bug with the latest glibc update that went out for SL5.
https://bugzilla.redhat.com/show_bug.cgi?id=693882
It causes evolution to fail, and the gnome panel to crash.

As far as we know, this bug doesn't affect any non-graphical 
environment, so servers should be safe.

We have created a glibc with two changes taken out that fix the bug. 
The problem is that it removes one of the security patches.

*Security Update Removed* CVE-2011-0536
The fix for CVE-2010-3847 introduced a regression in the way the dynamic
loader expanded the $ORIGIN dynamic string token specified in the RPATH 
and RUNPATH entries in the ELF library header. A local attacker could 
use this flaw to escalate their privileges via a setuid or setgid 
program using such a library.

*Security Updates Still Applied*
CVE-2011-1095, CVE-2011-1071, CVE-2010-0296

This fix is for those admins who had to downgrade their glibc due to 
evolution and/or gnome-panel crashing.  We feel it is better for them to 
have three security patches, rather than none.

We do not plan on pushing this out; we are waiting for a fix from TUV.

To test or update

SL5
-------

             yum --enablerepo=sl-testing update glibc\*

or you can download RPMs by hand at

http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/i386/glibc/
http://ftp.scientificlinux.org/linux/scientific/5rolling/testing/x86_64/glibc/

glibc-2.5-58.el5_6.2.6.sl5

Thanks
Troy Dawson
--
__________________________________________________
Troy Dawson  [log in to unmask]  (630)840-6468
Fermilab  ComputingDivision/LCSI/CSI DSS Group
__________________________________________________
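
Added example, not part of the original message or of Scientific Linux: a small audit script for hosts that install the testing glibc, which lacks the CVE-2011-0536 fix. It lists setuid/setgid files whose RPATH or RUNPATH contains $ORIGIN. The function names and the sample readelf lines are constructed for illustration; only the package string comes from the announcement.

```shell
#!/bin/sh
# Added example (not from the original message): find setuid/setgid ELF files
# whose RPATH/RUNPATH uses $ORIGIN, the case CVE-2011-0536 concerns.

# Package string quoted in the announcement.
TESTING_GLIBC='glibc-2.5-58.el5_6.2.6.sl5'

# Succeeds if the `rpm -q glibc` output on stdin names the testing build.
is_testing_glibc() {
    grep -qF "$TESTING_GLIBC"
}

# Succeeds if `readelf -d` output on stdin has an RPATH or RUNPATH entry
# containing $ORIGIN or ${ORIGIN}.
has_origin_rpath() {
    awk '/\((RPATH|RUNPATH)\)/ && /[$][{]?ORIGIN/ { found = 1 }
         END { exit !found }'
}

# Reads file paths on stdin, prints those with an $ORIGIN search path.
scan_files() {
    while IFS= read -r f; do
        if readelf -d "$f" 2>/dev/null | has_origin_rpath; then
            printf '%s\n' "$f"
        fi
    done
}

# Constructed readelf -d excerpts used as sample input.
SAMPLE_ORIGIN=' 0x000000000000000f (RPATH)   Library rpath: [$ORIGIN/../lib]'
SAMPLE_PLAIN=' 0x000000000000000f (RPATH)   Library rpath: [/usr/lib64/foo]'

# Run the audit only when a directory is given, e.g.: sh audit.sh /usr
if [ "$#" -gt 0 ]; then
    rpm -q glibc 2>/dev/null | is_testing_glibc &&
        echo "testing glibc installed: CVE-2011-0536 fix is not applied"
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null |
        scan_files
fi
```

The scan inspects only the files it is given; shared libraries used by the listed programs can be piped through scan_files in the same way.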
