glibc; RHBA-2009:1415: Bug Fix and Enhancement Update - Red Hat Enterprise Linux 5.4 - Technical Notes Manual


GLib is the low-level core library that forms the basis for projects such as GTK+ and GNOME.
It provides data structure handling for C, portability wrappers, and interfaces for such runtime
functionality as an event loop, threads, dynamic loading, and an object system.
Diego Pettenò discovered multiple integer overflows causing heap-based buffer overflows in GLib's
Base64 encoding and decoding functions. An attacker could use these flaws to crash an application
using GLib's Base64 functions to encode or decode large, untrusted inputs, or, possibly, execute
arbitrary code as the user running the application.
Note: No application shipped with Red Hat Enterprise Linux 5 uses the affected functions. Third-party
applications may, however, be affected.
All users of glib2 should upgrade to these updated packages, which contain backported patches to
resolve these issues.
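
The bug class described above (an integer overflow in a Base64 size calculation leading to an undersized heap buffer) can be seen in the following added example, which is not GLib's code and not part of the original technical note. The function names and the use of a 32-bit size type to model the wrap are assumptions made for illustration; the checked helper shows the kind of guard that keeps the allocation from ever being smaller than the encoder's output.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Added illustration, not GLib source; all names here are hypothetical. */

/* Risky pattern: 4 output bytes per 3 input bytes plus a terminator,
 * computed in a 32-bit type. The product wraps once len/3 + 1 >= 2^30,
 * so the result can be far smaller than what the encoder will write. */
uint32_t b64_size_unchecked(uint32_t len)
{
    return (uint32_t)((len / 3 + 1) * 4 + 1);
}

/* Checked form: returns false when the encoded size cannot fit in `max`. */
bool b64_size_checked(size_t len, size_t max, size_t *out)
{
    size_t groups = len / 3 + (len % 3 != 0);   /* ceil(len / 3), cannot wrap */
    if (max < 1 || groups > (max - 1) / 4)
        return false;
    *out = groups * 4 + 1;
    return true;
}

/* Encoder that sizes its buffer with the checked helper; NULL on refusal. */
char *b64_encode(const unsigned char *in, size_t len)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
    size_t size, i, o = 0;
    char *out;

    if (!b64_size_checked(len, SIZE_MAX, &size) || !(out = malloc(size)))
        return NULL;
    for (i = 0; i < len; i += 3) {
        size_t left = len - i;                  /* input bytes in this group */
        uint32_t v = (uint32_t)in[i] << 16;
        if (left > 1) v |= (uint32_t)in[i + 1] << 8;
        if (left > 2) v |= in[i + 2];
        out[o++] = tbl[(v >> 18) & 63];
        out[o++] = tbl[(v >> 12) & 63];
        out[o++] = left > 1 ? tbl[(v >> 6) & 63] : '=';
        out[o++] = left > 2 ? tbl[v & 63] : '=';
    }
    out[o] = '\0';
    return out;
}
```

With a 32-bit size type, an input length of 0xBFFFFFFD makes the unchecked calculation return 1, while the checked helper rejects any length whose encoded size exceeds the limit it is given.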

1.71. glibc

1.71.1. RHBA-2009:1415: bug fix and enhancement update

Updated glibc packages that fix various bugs and implement a technology preview of per-thread
memory pooling are now available.
The glibc packages contain the standard C libraries used by multiple programs on the system.
These packages contain the standard C and the standard math libraries. Without these two libraries,
the Linux system cannot function properly.
This update applies the following bug fixes:
• A strcmp() call in the setlocale() function could cause a segmentation fault (SIGSEGV) to
occur in multi-threaded applications. This was caused by an improper free() call, which freed
_nl_global_locale.__names[category] around the same time strcmp() tried to access it.
As such, it was possible for strcmp() to access _nl_global_locale.__names[category]
after it was freed (i.e. no longer available), resulting in a segmentation fault. To fix this, this update
adds a return() call to make _nl_global_locale.__names[category] available when
strcmp() accesses it.
• The getifaddrs() function listed invalid IPv6 interface names for Infiniband devices. This was
because Infiniband names are 20 bytes long, while glibc only prepares an 8-byte string array (i.e.
sll_addr) for interface names. When getifaddrs() copied the 20-byte string into sll_addr,
the result was a corrupted, invalid interface name. To prevent this, this update expands the field
size from 8 bytes to 24 bytes, allowing getifaddrs() to copy 20-byte Infiniband names to the
sll_addr string array.
• A previous update to glibc resulted in a performance regression with mutex() calls. This was
caused by the addition of mutual exclusion (mutex) types tested by pthread_mutex_lock()
and pthread_mutex_unlock(). To alleviate the problem, this update optimizes the
pthread_mutex_lock() and pthread_mutex_unlock() for the most common mutex types,
which improves the performance of mutex() calls in most common user scenarios.
• dl_runtime_profile on the IBM System Z incorrectly used the instruction lr to remove
stack frames, which could result in corrupted stacks in rare cases. With this update,

459 CVE-2008-4316: https://www.redhat.com/security/data/cve/CVE-2008-4316.html
460 BZ#455580
461 BZ#463252
462 BZ#467316
