
Security vulnerabilities in the glibc software package

  • OS details: WN7
  • Importance: IMP
  • Operating systems: L
  • Categories: LFE

——————————————————————————–
Fedora Update Notification
FEDORA-2016-68abc0be35
2016-05-10 11:45:44.966689
——————————————————————————–

Name : glibc
Product : Fedora 23
Version : 2.22
Release : 15.fc23
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

——————————————————————————–
Update Information:

This update contains minor security fixes (for CVE-2016-3075, CVE-2016-1234,
CVE-2015-8778, CVE-2015-8776, CVE-2014-9761, CVE-2015-8779) and collects fixes
for bugs encountered by Fedora users.
——————————————————————————–
References:

[ 1 ] Bug #1316972 – glibc: NULL pointer dereference in stub resolver with unconnectable name server addresses
https://bugzilla.redhat.com/show_bug.cgi?id=1316972
[ 2 ] Bug #1321861 – glibc: “getent group” listing using nss_db fails when entries are long
https://bugzilla.redhat.com/show_bug.cgi?id=1321861
[ 3 ] Bug #1313404 – Test suite failure: elf/tst-audit10 and elf/tst-audit4
https://bugzilla.redhat.com/show_bug.cgi?id=1313404
[ 4 ] Bug #1332914 – glibc: Backport nss_dns hardening patches
https://bugzilla.redhat.com/show_bug.cgi?id=1332914
[ 5 ] Bug #1321954 – CVE-2016-3075 glibc: Stack overflow in nss_dns_getnetbyname_r [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1321954
[ 6 ] Bug #1332912 – glibc: nss_hesiod: Heap overflow in get_txt_records
https://bugzilla.redhat.com/show_bug.cgi?id=1332912
[ 7 ] Bug #1333940 – glibc: Avoid build failure in TZ tests
https://bugzilla.redhat.com/show_bug.cgi?id=1333940
[ 8 ] Bug #1332917 – glibc: Deadlock between fflush, getdelim, and fork
https://bugzilla.redhat.com/show_bug.cgi?id=1332917
[ 9 ] Bug #1333945 – glibc: dlerror () returns NULL after dlsym (RTLD_NEXT) of a non-existent symbol
https://bugzilla.redhat.com/show_bug.cgi?id=1333945
[ 10 ] Bug #1315648 – CVE-2016-1234 glibc: Stack-based buffer overflow in glob with GLOB_ALTDIRFUNC and crafted directory [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1315648
[ 11 ] Bug #1333901 – glibc: getnameinfo: fix memory leak and incorrect truncation checks
https://bugzilla.redhat.com/show_bug.cgi?id=1333901
[ 12 ] Bug #1288740 – glibc: tst-makecontext fails on armhfp
https://bugzilla.redhat.com/show_bug.cgi?id=1288740
[ 13 ] Bug #1307234 – strfmon_l does not group digits.
https://bugzilla.redhat.com/show_bug.cgi?id=1307234
[ 14 ] Bug #1300304 – CVE-2015-8778 glibc: Integer overflow in hcreate and hcreate_r [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300304
[ 15 ] Bug #1300300 – CVE-2015-8776 glibc: Segmentation fault caused by passing out-of-range data to strftime() [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300300
[ 16 ] Bug #1293139 – Invalid memory access in getmntent_r()
https://bugzilla.redhat.com/show_bug.cgi?id=1293139
[ 17 ] Bug #1300311 – CVE-2014-9761 glibc: Unbounded stack allocation in nan* functions [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300311
[ 18 ] Bug #1300314 – CVE-2015-8779 glibc: Unbounded stack allocation in catopen function [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1300314
[ 19 ] Bug #1321372 – Incorrect first day of the week for es_CL locale
https://bugzilla.redhat.com/show_bug.cgi?id=1321372
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/package-announce

 

 

——————————————————————————–
Fedora Update Notification
FEDORA-2016-b0e67c88b5
2016-05-12 16:11:02.767662
——————————————————————————–

Name        : glibc
Product     : Fedora 23
Version     : 2.22
Release     : 16.fc23
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

——————————————————————————–
Update Information:

This update addresses a minor security bug (CVE-2016-3706) and works around a
bug in Address Sanitizer (ASAN) which would cause ASAN-enabled binaries to fail
after the update to glibc-2.22-16.fc23 (Fedora#1335011). Locale updates are
included as well.
——————————————————————————–
References:

  [ 1 ] Bug #1282011 – first_weekday wrong for hr_HR locale
        https://bugzilla.redhat.com/show_bug.cgi?id=1282011
  [ 2 ] Bug #1204521 – fr_CH LC_TIME has wrong first day of week
        https://bugzilla.redhat.com/show_bug.cgi?id=1204521
  [ 3 ] Bug #1330888 – CVE-2016-3706 glibc: stack (frame) overflow in getaddrinfo() when called with AF_INET, AF_INET6 (incomplete fix for CVE-2013-4458) [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1330888
  [ 4 ] Bug #1335011 – dlsym (RTLD_NEXT)/dlerror fix breaks Adress Sanitizer (ASAN)
        https://bugzilla.redhat.com/show_bug.cgi?id=1335011
——————————————————————————–

This update can be installed with the “yum” update program. Use
su -c 'yum update glibc' at the command line.
For more information, refer to “Managing Software with yum”,
available at https://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key.  More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
——————————————————————————–
_______________________________________________
package-announce mailing list
package-announce@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/package-announce@lists.fedoraproject.org
 

 

Author: Andrej Sefic
Cert ID: NCERT-REF-2016-05-0057-ADV
Source: http://www.adobe.com/