Fedora 34: 2021:3fc0188b3a Severe Memory Corruption in glibc NSS Cache

The glibc package contains standard libraries which are used by

multiple programs on the system. In order to save disk space and

memory, as well as to make upgrading easier, common system code is

kept in one place and shared between programs. This particular package

contains the most important sets of shared libraries: the standard C

library and the standard math library. Without these two libraries, a

Linux system will not function.

This glibc update contains a fix for a double-free in the nscd netgroup cache,

and improves debugging information by: * not removing debugging information

from ld.so * adjusting to changes in rpm in order to keep stripping debugging

information from binaries * removing a conflict between contents of 32 and 64

bit debuginfo packages so they can remain installed simultaneously on a system

* Wed May 19 2021 Arjun Shankar - 2.32-6

- Use distribution mechanism for debuginfo (#1661510, #1886295, #1905611)

* Tue May 18 2021 Arjun Shankar - 2.32-5

- Auto-sync with upstream branch release/2.32/master,

commit 1799ac8eabe87acd7b1ef7c3a483171489563482:

- support: Typo and formatting fixes

- support: Pass environ to child process

- Fix SXID_ERASE behavior in setuid programs (BZ #27471)

- Enhance setuid-tunables test

- tst-env-setuid: Use support_capture_subprogram_self_sgid

- support: Add capability to fork an sgid child

- S390: Also check vector support in memmove ifunc-selector [BZ #27511]

- powerpc64: Workaround sigtramp vdso return call

- nscd: Fix double free in netgroupcache [BZ #27462]

[ 1 ] Bug #1661510 - glibc: Adjust to rpm's find-debuginfo.sh changes, to keep stripping binaries [Fedora]

https://bugzilla.redhat.com/show_bug.cgi?id=1661510

[ 2 ] Bug #1886295 - glibc: ldconfig debuginfo file conflict between i686 and x86_64

https://bugzilla.redhat.com/show_bug.cgi?id=1886295

[ 3 ] Bug #1905611 - glibc: Do not remove debugging information from ld.so

https://bugzilla.redhat.com/show_bug.cgi?id=1905611

[ 4 ] Bug #1932590 - CVE-2021-27645 glibc: Use-after-free in addgetnetgrentX function in netgroupcache.c [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1932590

su -c 'dnf upgrade --advisory FEDORA-2021-2ba993d6c5' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure