openSUSE Recommended Update: glibc: fix clock_gettime call ______________________________________________________________________________ Announcement ID: openSUSE-RU-2012:0360-1 Rating: moderate References: #747768 #749126 Affected Products: openSUSE 12.1 ______________________________________________________________________________ An update that solves one vulnerability and has one errata is now available. Description: This update fixes the following issues in glibc: - 747768: format string protection bypass via "nargs" integer overflow - 749126: Fix clock_gettime call Patch Instructions: To install this openSUSE Recommended Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 12.1: zypper in -t patch openSUSE-2012-160 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 12.1 (i586 x86_64): glibc-2.14.1-14.25.1 glibc-debuginfo-2.14.1-14.25.1 glibc-debugsource-2.14.1-14.25.1 glibc-devel-2.14.1-14.25.1 glibc-devel-debuginfo-2.14.1-14.25.1 glibc-devel-static-2.14.1-14.25.1 glibc-locale-2.14.1-14.25.1 glibc-locale-debuginfo-2.14.1-14.25.1 glibc-profile-2.14.1-14.25.1 glibc-utils-2.14.1-14.25.1 glibc-utils-debuginfo-2.14.1-14.25.1 nscd-2.14.1-14.25.1 nscd-debuginfo-2.14.1-14.25.1 - openSUSE 12.1 (noarch): glibc-html-2.14.1-14.25.1 glibc-i18ndata-2.14.1-14.25.1 glibc-info-2.14.1-14.25.1 - openSUSE 12.1 (i586): glibc-obsolete-2.14.1-14.25.1 glibc-obsolete-debuginfo-2.14.1-14.25.1 References: http://support.novell.com/security/cve/CVE-2012-0864.html https://bugzilla.novell.com/747768 https://bugzilla.novell.com/749126