RHEL 3 : glibc (RHSA-2004:586)

low Nessus Plugin ID 16018

Synopsis

The remote Red Hat host is missing one or more security updates.

Description

Updated glibc packages that address several bugs and implement some enhancements are now available.

The GNU libc packages (known as glibc) contain the standard C libraries used by applications.

This errata fixes several bugs in the GNU C Library.

Fixes include (in addition to enclosed Bugzilla entries) :

- fixed 32-bit atomic operations on 64-bit powerpc - fixed
-m32 -I /usr/include/nptl compilation on AMD64 - NPTL <pthread.h> should now be usable in C++ code or
-pedantic -std=c89 C - rwlocks are now available also in the _POSIX_C_SOURCE=200112L namespace - pthread_once is no longer throw(), as the callback routine might throw - pthread_create now correctly returns EAGAIN when thread couldn't be created because of lack of memory - fixed NPTL stack freeing in case of pthread_create failure with detached thread - fixed pthread_mutex_timedlock on i386 and AMD64 - Itanium gp saving fix in linuxthreads - fixed s390/s390x unwinding tests done during cancellation if stack frames are small - fixed fnmatch(3) backslash handling - fixed out of memory behaviour of syslog(3) - resolver ID randomization - fixed fim (NaN, NaN) - glob(3) fixes for dangling symlinks - catchsegv fixed to work with both 32-bit and 64-bit binaries on x86-64, s390x and ppc - fixed reinitialization of _res when using NPTL stack cache - updated bug reporting instructions, removed glibcbug script - fixed infinite loop in iconv with some options
- fixed inet_aton return value - CPU friendlier busy waiting in linuxthreads on EM64T and IA-64 - avoid blocking/masking debug signal in linuxthreads - fixed locale program output when neither LC_ALL nor LANG is set - fixed using of uninitialized memory in localedef - fixed mntent_r escape processing - optimized mtrace script - linuxthread_db fixes on ppc64 - cfi instructions in x86-64 linuxthreads vfork - some
_POSIX_C_SOURCE=200112L namespace fixes

All users of glibc should upgrade to these updated packages, which resolve these issues.

Solution

Update the affected packages.

See Also

https://access.redhat.com/security/cve/cve-2004-0968

https://access.redhat.com/errata/RHSA-2004:586

Plugin Details

Severity: Low

ID: 16018

File Name: redhat-RHSA-2004-586.nasl

Version: 1.28

Type: local

Agent: unix

Published: 12/21/2004

Updated: 1/14/2021

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:glibc-profile, p-cpe:/a:redhat:enterprise_linux:glibc-headers, p-cpe:/a:redhat:enterprise_linux:nscd, cpe:/o:redhat:enterprise_linux:3, p-cpe:/a:redhat:enterprise_linux:glibc-utils, p-cpe:/a:redhat:enterprise_linux:glibc-common, p-cpe:/a:redhat:enterprise_linux:glibc-devel, p-cpe:/a:redhat:enterprise_linux:glibc, p-cpe:/a:redhat:enterprise_linux:nptl-devel

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 12/20/2004

Vulnerability Publication Date: 2/9/2005

Reference Information

CVE: CVE-2004-0968

RHSA: 2004:586