Synopsis: Low: glibc security and bug fix update Advisory ID: SLSA-2013:0769-1 Issue Date: 2013-04-24 CVE Numbers: CVE-2013-0242 CVE-2013-1914 -- It was found that getaddrinfo() did not limit the amount of stack memory used during name resolution. An attacker able to make an application resolve an attacker-controlled hostname or IP address could possibly cause the application to exhaust all stack memory and crash. (CVE-2013-1914) A flaw was found in the regular expression matching routines that process multibyte character input. If an application utilized the glibc regular expression matching mechanism, an attacker could provide specially-crafted input that, when processed, would cause the application to crash. (CVE-2013-0242) This update also fixes the following bugs: * The improvements made in a previous update to the accuracy of floating point functions in the math library caused performance regressions for those functions. The performance regressions were analyzed and a fix was applied that retains the current accuracy but reduces the performance penalty to acceptable levels. * It was possible that a memory location freed by the localization code could be accessed immediately after, resulting in a crash. The fix ensures that the application does not crash by avoiding the invalid memory access. -- SL5 x86_64 glibc-2.5-107.el5_9.4.i686.rpm glibc-2.5-107.el5_9.4.x86_64.rpm glibc-common-2.5-107.el5_9.4.x86_64.rpm glibc-debuginfo-2.5-107.el5_9.4.i386.rpm glibc-debuginfo-2.5-107.el5_9.4.i686.rpm glibc-debuginfo-2.5-107.el5_9.4.x86_64.rpm glibc-debuginfo-common-2.5-107.el5_9.4.i386.rpm glibc-devel-2.5-107.el5_9.4.i386.rpm glibc-devel-2.5-107.el5_9.4.x86_64.rpm glibc-headers-2.5-107.el5_9.4.x86_64.rpm glibc-utils-2.5-107.el5_9.4.x86_64.rpm nscd-2.5-107.el5_9.4.x86_64.rpm i386 glibc-2.5-107.el5_9.4.i386.rpm glibc-2.5-107.el5_9.4.i686.rpm glibc-common-2.5-107.el5_9.4.i386.rpm glibc-debuginfo-2.5-107.el5_9.4.i386.rpm glibc-debuginfo-2.5-107.el5_9.4.i686.rpm glibc-debuginfo-common-2.5-107.el5_9.4.i386.rpm glibc-devel-2.5-107.el5_9.4.i386.rpm glibc-headers-2.5-107.el5_9.4.i386.rpm glibc-utils-2.5-107.el5_9.4.i386.rpm nscd-2.5-107.el5_9.4.i386.rpm - Scientific Linux Development Team