Security update for glibc

SUSE Security Update: Security update for glibc

Announcement ID:	SUSE-SU-2012:1666-1
Rating:	moderate
References:	#750741 #767266 #770891 #775690 #777233 #783060
Affected Products:	SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Server 11 SP2 for VMware SUSE Linux Enterprise Server 11 SP2 SUSE Linux Enterprise Desktop 11 SP2

An update that solves four vulnerabilities and has two fixes is now available.

Description:

This collective update for the GNU C library (glibc)
provides the following fixes:

* Fix strtod integer/buffer overflows (bnc#775690,
CVE-2012-3480)
* Fix vfprintf handling of many format specifiers
(bnc#770891, CVE-2012-3404, CVE-2012-3405, CVE-2012-3406)
* Fix pthread_cond_timedwait stack unwinding
(bnc#750741, bnc#777233)
* Improve fix for dynamic library unloading (bnc#783060)
* Fix resolver when first query fails, but second one
succeeds (bnc#767266).

Security Issue references:

* CVE-2012-3404
>
* CVE-2012-3405
>
* CVE-2012-3406
>
* CVE-2012-3480
>

Patch Instructions:

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

SUSE Linux Enterprise Software Development Kit 11 SP2:
zypper in -t patch sdksp2-glibc-7110
SUSE Linux Enterprise Server 11 SP2 for VMware:
zypper in -t patch slessp2-glibc-7110
SUSE Linux Enterprise Server 11 SP2:
zypper in -t patch slessp2-glibc-7110
SUSE Linux Enterprise Desktop 11 SP2:
zypper in -t patch sledsp2-glibc-7110

To bring your system up-to-date, use "zypper patch".

Package List:

SUSE Linux Enterprise Software Development Kit 11 SP2 (i586 x86_64):

glibc-html-2.11.3-17.43.1

glibc-info-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 for VMware (i586 i686 x86_64):

glibc-2.11.3-17.43.1

glibc-devel-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 for VMware (i586 x86_64):

glibc-html-2.11.3-17.43.1

glibc-i18ndata-2.11.3-17.43.1

glibc-info-2.11.3-17.43.1

glibc-locale-2.11.3-17.43.1

glibc-profile-2.11.3-17.43.1

nscd-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 for VMware (x86_64):

glibc-32bit-2.11.3-17.43.1

glibc-devel-32bit-2.11.3-17.43.1

glibc-locale-32bit-2.11.3-17.43.1

glibc-profile-32bit-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 (i586 i686 ia64 ppc64 s390x x86_64):

glibc-2.11.3-17.43.1

glibc-devel-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 (i586 ia64 ppc64 s390x x86_64):

glibc-html-2.11.3-17.43.1

glibc-i18ndata-2.11.3-17.43.1

glibc-info-2.11.3-17.43.1

glibc-locale-2.11.3-17.43.1

glibc-profile-2.11.3-17.43.1

nscd-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 (ppc64 s390x x86_64):

glibc-32bit-2.11.3-17.43.1

glibc-devel-32bit-2.11.3-17.43.1

glibc-locale-32bit-2.11.3-17.43.1

glibc-profile-32bit-2.11.3-17.43.1
SUSE Linux Enterprise Server 11 SP2 (ia64):

glibc-locale-x86-2.11.3-17.43.1

glibc-profile-x86-2.11.3-17.43.1

glibc-x86-2.11.3-17.43.1
SUSE Linux Enterprise Desktop 11 SP2 (i586 i686 x86_64):

glibc-2.11.3-17.43.1

glibc-devel-2.11.3-17.43.1
SUSE Linux Enterprise Desktop 11 SP2 (i586 x86_64):

glibc-i18ndata-2.11.3-17.43.1

glibc-locale-2.11.3-17.43.1

nscd-2.11.3-17.43.1
SUSE Linux Enterprise Desktop 11 SP2 (x86_64):

glibc-32bit-2.11.3-17.43.1

glibc-devel-32bit-2.11.3-17.43.1

glibc-locale-32bit-2.11.3-17.43.1

References:

http://support.novell.com/security/cve/CVE-2012-3404.html
http://support.novell.com/security/cve/CVE-2012-3405.html
http://support.novell.com/security/cve/CVE-2012-3406.html
http://support.novell.com/security/cve/CVE-2012-3480.html
https://bugzilla.novell.com/750741
https://bugzilla.novell.com/767266
https://bugzilla.novell.com/770891
https://bugzilla.novell.com/775690
https://bugzilla.novell.com/777233
https://bugzilla.novell.com/783060
http://download.suse.com/patch/finder/?keywords=9fecd6bf7ccef88c72b5e69256e9ec44