glibc: security update
glibc was updated to fix three security issues:
- A directory traversal in locale environment handling was fixed
(CVE-2014-0475, bnc#887022, GLIBC BZ #17137)
- Disable gconv transliteration module loading which could be used for
code execution (CVE-2014-5119, bnc#892073, GLIBC BZ #17187)
- Fix crashes on invalid input in IBM gconv modules (CVE-2014-6040,
bnc#894553, BZ #17325)
-
Submitted by
Andreas Schwab (Andreas_Schwab)
Fixed bugs
bnc#887022
VUL-0: CVE-2014-0475 glibc: directory traversal in LC_* locale handling
bnc#892073
VUL-0: glibc,glibc.i686: CVE-2014-5119: off-by-one error leading to a heap-based buffer overflow flaw in __gconv_translit_find()
bnc#894553
VUL-1: CVE-2014-6040: glibc: crash in code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364)
