Synopsis: Important: glibc security and bug fix update Issue date: 2010-11-10 CVE Names: CVE-2010-3847 CVE-2010-3856 It was discovered that the glibc dynamic linker/loader did not handle the $ORIGIN dynamic string token set in the LD_AUDIT environment variable securely. A local attacker with write access to a file system containing setuid or setgid binaries could use this flaw to escalate their privileges. (CVE-2010-3847) It was discovered that the glibc dynamic linker/loader did not perform sufficient safety checks when loading dynamic shared objects (DSOs) to provide callbacks for its auditing API during the execution of privileged programs. A local attacker could use this flaw to escalate their privileges via a carefully-chosen system DSO library containing unsafe constructors. (CVE-2010-3856) This update also fixes the following bugs: * Previously, the generic implementation of the strstr() and memmem() functions did not handle certain periodic patterns correctly and could find a false positive match. This error has been fixed, and both functions now work as expected. (BZ#643341) * The "TCB_ALIGNMENT" value has been increased to 32 bytes to prevent applications from crashing during symbol resolution on 64-bit systems with support for Intel AVX vector registers. (BZ#643343) SL 6.x SRPMS: glibc-2.12-1.7.el6_0.3.src.rpm i386: glibc-2.12-1.7.el6_0.3.i686.rpm glibc-common-2.12-1.7.el6_0.3.i686.rpm glibc-devel-2.12-1.7.el6_0.3.i686.rpm glibc-headers-2.12-1.7.el6_0.3.i686.rpm glibc-static-2.12-1.7.el6_0.3.i686.rpm glibc-utils-2.12-1.7.el6_0.3.i686.rpm nscd-2.12-1.7.el6_0.3.i686.rpm x86_64: glibc-2.12-1.7.el6_0.3.i686.rpm glibc-2.12-1.7.el6_0.3.x86_64.rpm glibc-common-2.12-1.7.el6_0.3.x86_64.rpm glibc-devel-2.12-1.7.el6_0.3.i686.rpm glibc-devel-2.12-1.7.el6_0.3.x86_64.rpm glibc-headers-2.12-1.7.el6_0.3.x86_64.rpm glibc-static-2.12-1.7.el6_0.3.i686.rpm glibc-static-2.12-1.7.el6_0.3.x86_64.rpm glibc-utils-2.12-1.7.el6_0.3.x86_64.rpm nscd-2.12-1.7.el6_0.3.x86_64.rpm -Connie Sieh -Troy Dawson