Bug 516

Summary: upgrade glibc from 2.12.1 to 2.13.0 (latest stable) to fix bugs and fix security problem
Product: Mageia Reporter: Y.LE_NY <yleny>
Component: RPM PackagesAssignee: Mageia Bug Squad <bugsquad>
Status: RESOLVED FIXED QA Contact:
Severity: normal    
Priority: Normal CC: arnaud.patard, dmorganec, marja11, misc, tmb
Version: Cauldron   
Target Milestone: Mageia 2   
Hardware: i586   
OS: Linux   
Whiteboard:
Source RPM: CVE:
Status comment:

Description Y.LE_NY 2011-03-23 22:29:00 CET 
Description of problem:
Mageia 1 Alpha 2 use glibc 2.12.1 release 
but the latest stable version is 2.13.0.
Please upgrade it from 2.12.1 (2010-08-03) to 2.13.0 (2011-02-01) to fix bugs
and fix security problem.

glibc 2.12.90-18 to 2.13.0 changelog available at
http://www.mail-archive.com/package-announce@lists.fedoraproject.org/msg19754.html
and
glibc 2.12.2 changelog available at
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052580.html

Sources:
http://ftp.gnu.org/gnu/glibc/glibc-2.13.tar.gz

For better information, latest alsa release in several Linux
Distribution :
Fedora 15 rawhide use 2.13.90 et Fedora 14 use 2.12.90
OpenSuse 11.4 and factory use 2.11.3
Debian unstable sid use 2.11.2	
Ubuntu snapshot natty use 2.13
Mandriva cooker use 2.12.1

Version-Release number of selected component (if applicable):
glibc-2.12.1-11.mga1


Reproducible: 

Steps to Reproduce:
Y.LE_NY 2011-03-23 22:30:10 CET

CC: (none) => arnaud.patard

Y.LE_NY 2011-03-23 22:30:38 CET

CC: (none) => misc

Y.LE_NY 2011-03-23 22:31:30 CET

CC: (none) => dmorganec

Y.LE_NY 2011-03-23 22:31:55 CET

CC: (none) => tmb

Comment 1 Michael Scherer 2011-03-23 23:38:49 CET 
What security problem are you talking about ?
Comment 2 Y.LE_NY 2011-03-23 23:45:57 CET 
(In reply to comment #1)
> What security problem are you talking about ?

- Require suid bit on audit objects in privileged programs (CVE-2010-3856)
- Never expand $ORIGIN in privileged programs (#643306, CVE-2010-3847)
Comment 3 Y.LE_NY 2011-04-09 20:02:54 CEST 
glibc is not upgraded from 2.12.1 to 2.13.0 in Mageia 1 Beta 1.
Then now, is it for Mageia 2 release ?
Comment 4 Thomas Backlund 2011-04-11 10:05:24 CEST 

It will be done in Cauldron after Mageia 1 is released...

There are still recent bugs showing up in glibc-2.13, so its not a "simple and safe" upgrade.

We want a very stable Mageia 1

Target Milestone: --- => Mageia 2

Comment 5 Y.LE_NY 2011-04-12 13:25:51 CEST 
(In reply to comment #4)
> 
> It will be done in Cauldron after Mageia 1 is released...
OK, no problems.


> There are still recent bugs showing up in glibc-2.13, so its not a "simple and
> safe" upgrade.
> 
> We want a very stable Mageia 1
Me too.
Comment 6 Marja Van Waes 2011-10-07 22:49:11 CEST 
no maintainer yet :(

CC: (none) => marja11

Comment 7 Manuel Hiebel 2011-10-18 21:04:02 CEST 
glibc 2.14.1 is now in updates-testing (cauldron)

Status: NEW => RESOLVED
Resolution: (none) => FIXED