Synopsis:          Moderate: glibc security update
Issue Date:        2012-08-27
CVE Numbers:       CVE-2012-3480

The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows,
were found in glibc's functions for converting a string to a numeric
representation (strtod(), strtof(), and strtold()). If an application used
such a function on attacker controlled input, it could cause the
application to crash or, potentially, execute arbitrary code.
(CVE-2012-3480)

All users of glibc are advised to upgrade to these updated packages, which
contain a backported patch to correct these issues.

SL6
   x86_64
     glibc-2.12-1.80.el6_3.5.i686.rpm
     glibc-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-common-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-devel-2.12-1.80.el6_3.5.i686.rpm
     glibc-devel-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-headers-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-utils-2.12-1.80.el6_3.5.x86_64.rpm
     nscd-2.12-1.80.el6_3.5.x86_64.rpm
     glibc-static-2.12-1.80.el6_3.5.i686.rpm
     glibc-static-2.12-1.80.el6_3.5.x86_64.rpm
   i386
     glibc-2.12-1.80.el6_3.5.i686.rpm
     glibc-common-2.12-1.80.el6_3.5.i686.rpm
     glibc-devel-2.12-1.80.el6_3.5.i686.rpm
     glibc-headers-2.12-1.80.el6_3.5.i686.rpm
     glibc-utils-2.12-1.80.el6_3.5.i686.rpm
     nscd-2.12-1.80.el6_3.5.i686.rpm
     glibc-static-2.12-1.80.el6_3.5.i686.rpm

- Scientific Linux Development Team