glibc: multiple issues

• CVE-2015-7547 (arbitrary code execution)

A stack-based buffer overflow was found in the way the libresolv library
performed dual A/AAAA DNS queries. A remote attacker could create a
specially crafted DNS response which could cause libresolv to crash or,
potentially, execute code with the permissions of the user running the
library. Note: this issue is only exposed when libresolv is called from
the nss_dns NSS service module.

• CVE-2015-8776 (information disclosure)

It was found that out-of-range time values passed to the strftime
function may cause it to crash, leading to a denial of service, or
potentially disclosure information.

• CVE-2015-8777 (restriction bypass)

LD_POINTER_GUARD was an environment variable which controls
security-related behavior, but was not ignored for privileged binaries
(in AT_SECURE mode). This might allow local attackers (who can supply
the environment variable) to bypass intended security restrictions.

• CVE-2015-8778 (arbitrary code execution)

An integer overflow in hcreate and hcreate_r which can result in
an out-of-bound memory access. This could lead to application crashes
or, potentially, arbitrary code execution.

• CVE-2015-8779 (arbitrary code execution)

A stack overflow (unbounded alloca) in the catopen function can cause
applications which pass long strings to the catopen function to crash
or, potentially execute arbitrary code.