File _patchinfo of Package patchinfo.10853

<patchinfo incident="10853">
  <issue tracker="bnc" id="1128574">gstack displays only one thread when specifying a multi-threaded process</issue>
  <issue tracker="bnc" id="1110661">glibc segmentation fault with truncated /etc/ld.so.cache</issue>
  <issue tracker="bnc" id="1100396">locales ja_JP New Japanese Era name support</issue>
  <issue tracker="bnc" id="1127223">VUL-1: CVE-2009-5155: glibc: parse_reg_exp in posix/regcomp.c misparses alternatives, which allows attackers to cause a denial of service</issue>
  <issue tracker="bnc" id="1122729">VUL-1: CVE-2016-10739: glibc: getaddrinfo should fully parse IPv4 address strings</issue>
  <issue tracker="bnc" id="1127308">VUL-1: CVE-2019-9169: glibc: heap-based buffer over-read via an attempted case-insensitive regular-expression match</issue>
  <issue tracker="bnc" id="1131994">SLES 12 SP4 - Glibc: Disable Transactional Execution as default and enable it with GLIBC_ELISION_ENABLE=yes.</issue>
  <issue tracker="fate" id="322271"/>
  <issue tracker="fate" id="325570"/>
  <issue tracker="cve" id="2016-10739"/>
  <issue tracker="cve" id="2019-9169"/>
  <issue tracker="cve" id="2009-5155"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>Andreas_Schwab</packager>
  <description>This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2019-9169: regex: fix read overrun (bsc#1127308, BZ #24114)
- CVE-2016-10739: Fully parse IPv4 address strings (bsc#1122729, BZ #20018)
- CVE-2009-5155: ERE '0|()0|\1|0' causes regexec undefined behavior (bsc#1127223, BZ #18986)

Non-security issues fixed:

- Enable TLE only if GLIBC_ELISION_ENABLE=yes is defined (bsc#1131994, fate#322271)
- Add more checks for valid ld.so.cache file (bsc#1110661, BZ #18093)
- Added cfi information for start routines in order to stop unwinding (bsc#1128574)
- ja_JP locale: Add entry for the new Japanese era (bsc#1100396, fate#325570, BZ #22964)
</description>
  <summary>Security update for glibc</summary>
</patchinfo>