-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2024-0f9690cec0 2024-05-19 01:29:46.920894 -------------------------------------------------------------------------------- Name : glibc Product : Fedora 40 Version : 2.39 Release : 13.fc40 URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Description : The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make upgrading easier, common system code is kept in one place and shared between programs. This particular package contains the most important sets of shared libraries: the standard C library and the standard math library. Without these two libraries, a Linux system will not function. -------------------------------------------------------------------------------- Update Information: This update: Was built with some improvements to the build process; Switches struct utmp and struct utmpx to use unsigned epoch values; Moves memory tracing libraries libmemusage\.so and libc_malloc_debug.so.0 to the glibc-utils sub-package so that they are not installed by default; Includes several bug fixes from the upstream glibc release branch. -------------------------------------------------------------------------------- ChangeLog: * Wed May 15 2024 Arjun Shankar <arjun@xxxxxxxxxx> - 2.39-13 - Move memory tracing libraries to glibc-utils * Fri May 10 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-12 - Use unsigned types in <utmp.h>/<utmpx.h> (RHEL-22226) * Fri May 10 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-11 - Sync with upstream branch release/2.39/master, commit 97bb89668d7171164975f3dc895e38343a2f3a95: - Force DT_RPATH for --enable-hardcoded-path-in-tests - elf: Only process multiple tunable once (BZ 31686) - Add a test to check for duplicate definitions in the static library - i686: Fix multiple definitions of __memmove_chk and __memset_chk - i586: Fix multiple definitions of __memcpy_chk and __mempcpy_chk - time: Allow later version licensing. - nscd: Use time_t for return type of addgetnetgrentX - login: structs utmp, utmpx, lastlog _TIME_BITS independence (bug 30701) - login: Check default sizes of structs utmp, utmpx, lastlog * Fri May 3 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-10 - Build POWER10 multilib * Fri Apr 26 2024 Florian Weimer <fweimer@xxxxxxxxxx> - 2.39-9 - nscd is currently not build, so the security fixes below are not relevant. - Sync with upstream branch release/2.39/master, commit fd658f026f25cf59e8db243bc3b3e09cd5a20ba0: - elf: Also compile dl-misc.os with $(rtld-early-cflags) - CVE-2024-33601, CVE-2024-33602: nscd: netgroup: Use two buffers in addgetnetgrentX (bug 31680) - CVE-2024-33600: nscd: Avoid null pointer crashes after notfound response (bug 31678) - CVE-2024-33600: nscd: Do not send missing not-found response in addgetnetgrentX (bug 31678) - CVE-2024-33599: nscd: Stack-based buffer overflow in netgroup cache (bug 31677) - x86: Define MINIMUM_X86_ISA_LEVEL in config.h [BZ #31676] - i386: ulp update for SSE2 --disable-multi-arch configurations - nptl: Fix tst-cancel30 on kernels without ppoll_time64 support -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2024-0f9690cec0' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys -------------------------------------------------------------------------------- -- _______________________________________________ package-announce mailing list -- package-announce@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to package-announce-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/package-announce@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue