eglibc - security update

Several vulnerabilities have been discovered in eglibc that
may lead to a privilege escalation or denial of service.

• Glibc pointer guarding weakness

A weakness in the dynamic loader prior has been found. The issue is
that the LD_POINTER_GUARD in the environment is not sanitized
allowing local attackers easily to bypass the pointer guarding
protection on set-user-ID and set-group-ID programs.

• Potential application crash due to overread in fnmatch

When processing certain malformed patterns, fnmatch can skip over the
NUL byte terminating the pattern. This can potentially result in an
application crash if fnmatch hits an unmapped page before
encountering a NUL byte.

• _IO_wstr_overflow integer overflow

A miscalculation in _IO_wstr_overflow could potentially be exploited
to overflow a buffer.

• CVE-2014-8121
  DB_LOOKUP in nss_files/files-XXX.c in the Name Service Switch (NSS)
  in GNU C Library (aka glibc or libc6) 2.21 and earlier does not
  properly check if a file is open, which allows remote attackers to
  cause a denial of service (infinite loop) by performing a look-up
  while the database is iterated over the database, which triggers the
  file pointer to be reset.

For the oldoldstable distribution (squeeze), these problems have been fixed
in version 2.11.3-4+deb6u7.

We recommend that you update your packages.