+++ This bug was initially created as a clone of Bug #797094 +++ Description of problem: Upstream has fixed couple of unbound alloca uses which can lead to program crashes if excessively long inputs are passed to certain functions. RHEL-5 glibc version does not seem to have affected nscd_getserv_r, but the glob and getaddrinfo issues should apply.
This request was evaluated by Red Hat Product Management for inclusion in a Red Hat Enterprise Linux release. Product Management has requested further review of this request by Red Hat Engineering, for potential inclusion in a Red Hat Enterprise Linux release for currently deployed products. This request is not yet committed for inclusion in a release.
Created attachment 583711 [details] Patch part#1
Created attachment 583712 [details] Patch part #2
Technical note added. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. New Contents: Same as RHEL 6.3 BZ 797094
Technical note updated. If any revisions are required, please edit the "Technical Notes" field accordingly. All revisions will be proofread by the Engineering Content Services team. Diffed Contents: @@ -1 +1 @@ -Same as RHEL 6.3 BZ 797094+Subset of RHEL 6.3 BZ 797094, RHEL 5.9 update doesn't affect nscd.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. http://rhn.redhat.com/errata/RHBA-2013-0022.html