FEDORA-2016-68abc0be35

security update in Fedora 23 for glibc

Status: stable 2 years ago

This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234, CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes for bugs encountered by Fedora users.

Reboot Required

After installing this update it is required that you reboot your system to ensure the changes supplied by this update are applied properly.

Comments 9

This update has been submitted for testing by fweimer.

This update has been pushed to testing.

Works for me on x86_64 and i686.

karma: +1 critpath: +1

works for me

karma: +1

This update has been submitted for stable by fweimer.

No regressions noted.

karma: +1 critpath: +1

This update has been pushed to stable.


Add Comment & Feedback
Toggle Preview

Comment fields support Fedora-Flavored Markdown. Comments are governed under this privacy policy.

-1 0 +1 Feedback Guidelines
#1316972 glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses
#1321861 glibc: "getent group" listing using nss_db fails when entries are long
#1313404 Test suite failure: elf/tst-audit10 and elf/tst-audit4
#1332914 glibc: Backport nss_dns hardening patches
#1321954 CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r [fedora-all]
#1332912 glibc: nss_hesiod: Heap overflow in get_txt_records
#1333940 glibc: Avoid build failure in TZ tests
#1332917 glibc: Deadlock between fflush, getdelim, and fork
#1333945 glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a non-existent symbol
#1315648 CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory [fedora-all]
#1333901 glibc: getnameinfo: fix memory leak and incorrect truncation checks
#1288740 glibc: tst-makecontext fails on armhfp
#1307234 strfmon_l does not group digits.
#1300304 CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r [fedora-all]
#1300300 CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() [fedora-all]
#1293139 Invalid memory access in getmntent_r()
#1300311 CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions [fedora-all]
#1300314 CVE-2015-8779 glibc: Unbounded stack allocation in catopen function [fedora-all]
#1321372 Incorrect first day of the week for es_CL locale
Does the system's basic functionality continue to work after this update?
Is the update generally functional?
Content Type
RPM
Status
stable
Test Gating Status
Tests not running
Submitted by
Update Type
security
Update Severity
low
Karma
+3
Autopush
Disabled
Dates
submitted 2 years ago
in testing 2 years ago
in stable 2 years ago

Related Bugs 19

00 #1316972 glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses
00 #1321861 glibc: "getent group" listing using nss_db fails when entries are long
00 #1313404 Test suite failure: elf/tst-audit10 and elf/tst-audit4
00 #1332914 glibc: Backport nss_dns hardening patches
0+1 #1321954 CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r [fedora-all]
00 #1332912 glibc: nss_hesiod: Heap overflow in get_txt_records
00 #1333940 glibc: Avoid build failure in TZ tests
00 #1332917 glibc: Deadlock between fflush, getdelim, and fork
00 #1333945 glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a non-existent symbol
00 #1315648 CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory [fedora-all]
00 #1333901 glibc: getnameinfo: fix memory leak and incorrect truncation checks
00 #1288740 glibc: tst-makecontext fails on armhfp
00 #1307234 strfmon_l does not group digits.
00 #1300304 CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r [fedora-all]
00 #1300300 CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() [fedora-all]
00 #1293139 Invalid memory access in getmntent_r()
00 #1300311 CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions [fedora-all]
00 #1300314 CVE-2015-8779 glibc: Unbounded stack allocation in catopen function [fedora-all]
00 #1321372 Incorrect first day of the week for es_CL locale

Automated Test Results

Test results and gating status may sometimes conflict as the gating status is retrieved periodically by Bodhi's backend server, while the test results presented here are retrieved upon page load. If your update is marked as gated while all the tests show green/passed, the next check of gating status should open the gate.