Synopsis:          Moderate: glibc security and bug fix update
Issue Date:        2012-08-27
CVE Numbers:       CVE-2012-3480

The glibc packages provide the standard C and standard math libraries used
by multiple programs on the system. Without these libraries, the Linux
system cannot function properly.

Multiple integer overflow flaws, leading to stack-based buffer overflows,
were found in glibc's functions for converting a string to a numeric
representation (strtod(), strtof(), and strtold()). If an application used
such a function on attacker controlled input, it could cause the
application to crash or, potentially, execute arbitrary code.
(CVE-2012-3480)

This update also fixes the following bug:

* Previously, logic errors in various mathematical functions, including
exp, exp2, expf, exp2f, pow, sin, tan, and rint, caused inconsistent
results when the functions were used with the non-default rounding mode.
This could also cause applications to crash in some cases. With this
update, the functions now give correct results across the four different
rounding modes.

All users of glibc are advised to upgrade to these updated packages, which
contain backported patches to correct these issues.

SL5
   x86_64
     glibc-2.5-81.el5_8.7.i686.rpm
     glibc-2.5-81.el5_8.7.x86_64.rpm
     glibc-common-2.5-81.el5_8.7.x86_64.rpm
     glibc-devel-2.5-81.el5_8.7.i386.rpm
     glibc-devel-2.5-81.el5_8.7.x86_64.rpm
     glibc-headers-2.5-81.el5_8.7.x86_64.rpm
     glibc-utils-2.5-81.el5_8.7.x86_64.rpm
     nscd-2.5-81.el5_8.7.x86_64.rpm
   i386
     glibc-2.5-81.el5_8.7.i386.rpm
     glibc-2.5-81.el5_8.7.i686.rpm
     glibc-common-2.5-81.el5_8.7.i386.rpm
     glibc-devel-2.5-81.el5_8.7.i386.rpm
     glibc-headers-2.5-81.el5_8.7.i386.rpm
     glibc-utils-2.5-81.el5_8.7.i386.rpm
     nscd-2.5-81.el5_8.7.i386.rpm

- Scientific Linux Development Team