It was found that the fix for CVE-2013-4458 is incomplete. A stack (frame) overflow flaw, which could led to a denial of service (application crash), was found in the way glibc's getaddrinfo() function processed certain requests when called with AF_INET or AF_INET6. This is less substantial than the CVE-2013-4458 issue because there is an other, unfixed bug in nss_files which causes it to use gigabytes of stack space with "multi on" (our default) in /etc/host.conf. Only about 4096 addresses fit into a DNS reply, so this is not really exploitable via nss_dns (only in fringe cases with extremely small stacks, as sometimes seen with Java VMs).
Acknowledgments: Name: Michael Petlan (Red Hat)
Created glibc tracking bugs for this issue: Affects: fedora-all [bug 1330888]