Synopsis:    Moderate: glibc security update
Issue Date:  2012-03-19
CVE Numbers: CVE-2012-0864


The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function correctly.

An integer overflow flaw was found in the implementation of the printf
functions family. This could allow an attacker to bypass FORTIFY_SOURCE
protections and execute arbitrary code using a format string flaw in an
application, even though these protections are expected to limit the impact
of such flaws to an application abort. (CVE-2012-0864)

All users of glibc are advised to upgrade to these updated packages, which
contain a patch to resolve this issue.

SL5:
  i386
     glibc-2.5-81.el5_8.1.i386.rpm
     glibc-2.5-81.el5_8.1.i686.rpm
     glibc-common-2.5-81.el5_8.1.i386.rpm
     glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
     glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
     glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
     glibc-devel-2.5-81.el5_8.1.i386.rpm
     glibc-headers-2.5-81.el5_8.1.i386.rpm
     glibc-utils-2.5-81.el5_8.1.i386.rpm
     nscd-2.5-81.el5_8.1.i386.rpm
  x86_64
     glibc-2.5-81.el5_8.1.i686.rpm
     glibc-2.5-81.el5_8.1.x86_64.rpm
     glibc-common-2.5-81.el5_8.1.x86_64.rpm
     glibc-debuginfo-2.5-81.el5_8.1.i386.rpm
     glibc-debuginfo-2.5-81.el5_8.1.i686.rpm
     glibc-debuginfo-2.5-81.el5_8.1.x86_64.rpm
     glibc-debuginfo-common-2.5-81.el5_8.1.i386.rpm
     glibc-devel-2.5-81.el5_8.1.i386.rpm
     glibc-devel-2.5-81.el5_8.1.x86_64.rpm
     glibc-headers-2.5-81.el5_8.1.x86_64.rpm
     glibc-utils-2.5-81.el5_8.1.x86_64.rpm
     nscd-2.5-81.el5_8.1.x86_64.rpm

- Scientific Linux Development Team