RHSA-2011:0412: glibc security update

Description

The glibc packages contain the standard C libraries used by multipleprograms on the system. These packages contain the standard C and thestandard math libraries. Without these two libraries, a Linux system cannotfunction properly.The fix for CVE-2010-3847 introduced a regression in the way the dynamicloader expanded the $ORIGIN dynamic string token specified in the RPATH andRUNPATH entries in the ELF library header. A local attacker could use thisflaw to escalate their privileges via a setuid or setgid program usingsuch a library. (CVE-2011-0536)It was discovered that the glibc addmntent() function did not sanitize itsinput properly. A local attacker could possibly use this flaw to injectmalformed lines into /etc/mtab via certain setuid mount helpers, if theattacker were allowed to mount to an arbitrary directory under theircontrol. (CVE-2010-0296)It was discovered that the glibc fnmatch() function did not properlyrestrict the use of alloca(). If the function was called on sufficientlylarge inputs, it could cause an application using fnmatch() to crash or,possibly, execute arbitrary code with the privileges of the application.(CVE-2011-1071)It was discovered that the locale command did not produce properly escapedoutput as required by the POSIX specification. If an attacker were able toset the locale environment variables in the environment of a script thatperformed shell evaluation on the output of the locale command, and thatscript were run with different privileges than the attacker's, it couldexecute arbitrary code with the privileges of the script. (CVE-2011-1095)All users should upgrade to these updated packages, which containbackported patches to correct these issues.