File _patchinfo of Package patchinfo.2977

  <issue id="887022" tracker="bnc">VUL-0: CVE-2014-0475 glibc: directory traversal in LC_* locale handling</issue>
  <issue id="892073" tracker="bnc">VUL-0: glibc,glibc.i686: CVE-2014-5119: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()</issue>
  <issue id="CVE-2014-0475" tracker="cve" />
  <issue id="CVE-2014-5119" tracker="cve" />
      <issue tracker="cve" id="CVE-2014-6040"/>
	    <issue tracker="bnc" id="894553"/>

glibc was updated to fix three security issues:

- A directory traversal in locale environment handling was fixed
 (CVE-2014-0475, bnc#887022, GLIBC BZ #17137)

- Disable gconv transliteration module loading which could be used for
  code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)

- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
  bnc#894553, BZ #17325)
  <summary>glibc: security update</summary>
openSUSE Build Service is sponsored by