CESA-2021:0348 -- centos 7 glibc, nscd
ID: oval:org.secpod.oval:def:205836 | Date: (C)2021-02-24 (M)2024-04-26 |
Class: PATCH | Family: unix |
The glibc packages provide the standard C libraries, POSIX thread libraries, standard math libraries, and the name service cache daemon used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.

Security Fix:
* glibc: buffer over-read in iconv when processing invalid multi-byte input sequences in the EUC-KR encoding
* glibc: stack corruption from crafted input in cosl, sinl, sincosl, and tanl functions
* glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern

For more details about the security issue, including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Bug Fix:
* glibc: 64bit_strstr_via_64bit_strstr_sse2_unaligned detection fails with large device and inode numbers
* glibc: Performance regression in ebizzy benchmark