Updated glibc packages are available to fix an overflowable buffer and, for Red Hat Linux 7.x, a couple of non-security-related bugs.
An overflowable buffer exists in earlier versions of the glibc glob(3) implementation. It may be possible to exploit programs that pass user-modifiable input to the glibc glob function. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2001-0886 to this issue.

This errata also fixes a couple of non-security-related bugs in the glibc packages for Red Hat Linux 7.x. A bug in the dynamic linker caused DT_RUNPATH dynamic tags (e.g. those created by GNU ld with the --enable-new-dtags -rpath DIR options) to behave the same way as a plain DT_RPATH tag, i.e. the search paths in them could not be overridden by the LD_LIBRARY_PATH environment variable; this is fixed in the updated packages. Also fixed are a strndup bug that occurred when strndup was used with a string literal argument, and a typo in the <inttypes.h> header.

It is recommended that all users upgrade to the provided packages.

We'd like to thank Flavio Veloso <email@example.com> for discovering this buffer overflow problem.
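To see which of the two tags a binary carries, and therefore whether a fixed dynamic linker lets LD_LIBRARY_PATH override its embedded search path, the dynamic section can be read directly. The following is an added example, not part of the advisory or of glibc; the function names, the sample path and the constructed ELF image are assumptions, and only 64-bit little-endian ELF is handled.

```python
import struct
DT_NULL, DT_STRTAB, DT_RPATH, DT_RUNPATH = 0, 5, 15, 29
PT_LOAD, PT_DYNAMIC = 1, 2
PHDR = "<IIQQQQQQ"  # type, flags, offset, vaddr, paddr, filesz, memsz, align
NAMES = {DT_RPATH: "DT_RPATH", DT_RUNPATH: "DT_RUNPATH"}

def search_path_tags(elf: bytes) -> dict:
    """Read DT_RPATH / DT_RUNPATH from a 64-bit little-endian ELF image."""
    if elf[:6] != b"\x7fELF\x02\x01":
        raise ValueError("only 64-bit little-endian ELF is handled")
    (phoff,) = struct.unpack_from("<Q", elf, 0x20)
    phentsize, phnum = struct.unpack_from("<HH", elf, 0x36)
    phdrs = [struct.unpack_from(PHDR, elf, phoff + i * phentsize) for i in range(phnum)]
    def file_offset(vaddr):  # dynamic entries hold addresses; map them via PT_LOAD
        for ptype, _, off, va, _, filesz, _, _ in phdrs:
            if ptype == PT_LOAD and va <= vaddr < va + filesz:
                return off + vaddr - va
        raise ValueError("address outside every PT_LOAD segment")
    found = {"DT_RPATH": None, "DT_RUNPATH": None}
    dyn = next((p for p in phdrs if p[0] == PT_DYNAMIC), None)
    if dyn is None:
        return found  # statically linked: no dynamic section
    entries = []
    for pos in range(dyn[2], dyn[2] + dyn[5], 16):
        tag, val = struct.unpack_from("<qQ", elf, pos)
        if tag == DT_NULL:
            break
        entries.append((tag, val))
    strtab = file_offset(dict(entries)[DT_STRTAB])
    for tag, val in entries:
        if tag in NAMES:
            start = strtab + val
            found[NAMES[tag]] = elf[start:elf.index(b"\0", start)].decode()
    return found

def env_can_override(tags: dict) -> bool:
    """LD_LIBRARY_PATH loses only to a DT_RPATH that has no DT_RUNPATH beside it."""
    return tags["DT_RPATH"] is None or tags["DT_RUNPATH"] is not None

def make_sample(tag: int, path: bytes) -> bytes:
    """Constructed minimal ELF image with one search-path tag (not a real binary)."""
    strtab, str_off = b"\0" + path + b"\0", 64 + 2 * 56
    dyn_off = str_off + len(strtab)
    dyn = struct.pack("<qQqQqQ", DT_STRTAB, str_off, tag, 1, DT_NULL, 0)
    ehdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", 3, 62, 1, 0, 64, 0, 0, 64, 56, 2, 0, 0, 0)
    load = struct.pack(PHDR, PT_LOAD, 4, 0, 0, 0, dyn_off + 48, dyn_off + 48, 4096)
    dynp = struct.pack(PHDR, PT_DYNAMIC, 4, dyn_off, dyn_off, dyn_off, 48, 48, 8)
    return ehdr + load + dynp + strtab + dyn
```

On a real system, pass the bytes of an installed binary to `search_path_tags` instead of the constructed sample.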