A glibc security update has been released for Fedora 35.



SECURITY: Fedora 35 Update: glibc-2.34-6.fc35


--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-16dc1f33af
2021-09-29 00:16:07.673232
--------------------------------------------------------------------------------

Name : glibc
Product : Fedora 35
Version : 2.34
Release : 6.fc35
URL :   http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Description :
The glibc package contains standard libraries which are used by
multiple programs on the system. In order to save disk space and
memory, as well as to make upgrading easier, common system code is
kept in one place and shared between programs. This particular package
contains the most important sets of shared libraries: the standard C
library and the standard math library. Without these two libraries, a
Linux system will not function.

--------------------------------------------------------------------------------
Update Information:

This is a regular glibc maintenance update. It addresses a regression in
`pthread_cancel` (spurious `ESRCH` errors) and fixes a bug where tools like
`top` would not show all CPUs in the system. A minor security issue in the
rarely-used `mq_notify` function is addressed (CVE-2021-38604). Furthermore,
the `C.UTF-8` locale is replaced by its upstream implementation.
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 23 2021 Florian Weimer - 2.34-6
- Sync with upstream branch release/2.34/master,
  commit 33adeaa3e2b9143c38884bc5aa65ded222ed274e:
- nptl: Avoid setxid deadlock with blocked signals in thread exit [BZ #28361]
- Use support_open_dev_null_range io/tst-closefrom, misc/tst-close_range, and
  posix/tst-spawn5 (BZ #28260)
- support: Add support_open_dev_null_range
- nptl: Fix type of pthread_mutexattr_getrobust_np,
  pthread_mutexattr_setrobust_np (bug 28036)
- nptl: pthread_kill needs to return ESRCH for old programs (bug 19193)
* Wed Sep 15 2021 Florian Weimer - 2.34-5
- Use system CPU count for sysconf(_SC_NPROCESSORS_*) (#1992702)
* Wed Sep 15 2021 Florian Weimer - 2.34-4
- Sync with upstream branch release/2.34/master,
  commit 4ed990e5b97a61f29f929bdeb36c5b2abb547a64:
- Add MADV_POPULATE_READ and MADV_POPULATE_WRITE from Linux 5.14 to
  bits/mman-linux.h
- Update kernel version to 5.14 in tst-mman-consts.py
- Update syscall lists for Linux 5.14
- Use Linux 5.14 in build-many-glibcs.py
- Fix failing nss/tst-nss-files-hosts-long with local resolver
- iconvconfig: Fix behaviour with --prefix [BZ #28199]
- nptl: Fix race between pthread_kill and thread exit (swbz#12889, #1994068)
- nptl: pthread_kill, pthread_cancel should not fail after exit
  (swbz#19193, #1994068)
- support: Add support_wait_for_thread_exit
- MIPS: Setup errno for {f,l,}xstat
- x86-64: Use testl to check __x86_string_control
- elf: Fix missing colon in LD_SHOW_AUXV output (swbz#28253, #1995648)
- librt: add test (swbz#28213, #1994264)
- CVE-2021-38604: fix NULL pointer dereference in mq_notify
  (swbz#28213, #1994264)
- Linux: Fix fcntl, ioctl, prctl redirects for _TIME_BITS=64 (bug 28182)
- iconv_charmap: Close output file when done
- copy_and_spawn_sgid: Avoid double calls to close()
- gaiconf_init: Avoid double-free in label and precedence lists
- gconv_parseconfdir: Fix memory leak
- ldconfig: avoid leak on empty paths in config file
* Wed Sep 15 2021 Florian Weimer - 2.34-3
- Switch to upstream version of C.UTF-8 (#1997589)
--------------------------------------------------------------------------------
References:

[ 1 ] Bug #1993518 - CVE-2021-38604 glibc: NULL pointer dereference in helper_thread() in mq_notify.c while handling NOTIFY_REMOVED messages [fedora-all]
  https://bugzilla.redhat.com/show_bug.cgi?id=1993518
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-16dc1f33af' at the command
line. For more information, refer to the dnf documentation available at
  http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
  https://fedoraproject.org/keys