glibc is vulnerable to arbitrary code execution. An integer overflow flaw, leading to a heap-based buffer overflow, was found in the way the glibc library read timezone files. If a carefully crafted timezone file was loaded by an application linked against glibc, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
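The class of flaw described above, shown as an added example (not glibc's code and not taken from the referenced commit): a size computed from counts in a timezone file header wraps in 32-bit arithmetic unless each step is checked. The header layout and per-record sizes assume the version 1 TZif format from RFC 8536; the function names, the sample header and the size limit are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* The six counts from the 44-byte TZif header (layout assumed per RFC 8536). */
struct tz_counts { uint32_t isutc, isstd, leap, time, type, chars; };

/* Constructed sample: header claiming 0x33333334 transitions (x5 wraps to 4). */
const unsigned char tz_sample_bad[44] =
    { 'T', 'Z', 'i', 'f', [32] = 0x33, 0x33, 0x33, 0x34 };

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Returns 0 on success, -1 if the buffer is not a TZif header. */
int tz_parse_header(const unsigned char *buf, size_t len, struct tz_counts *c) {
    if (len < 44 || memcmp(buf, "TZif", 4) != 0) return -1;
    const unsigned char *p = buf + 20;  /* skip magic, version, 15 reserved bytes */
    c->isutc = be32(p);      c->isstd = be32(p + 4);  c->leap  = be32(p + 8);
    c->time  = be32(p + 12); c->type  = be32(p + 16); c->chars = be32(p + 20);
    return 0;
}

/* Unchecked data-block size in 32-bit arithmetic: silently wraps. */
uint32_t tz_size_unchecked(const struct tz_counts *c) {
    return c->time * 5u + c->type * 6u + c->chars + c->leap * 8u
         + c->isstd + c->isutc;
}

/* acc += n * elem, failing instead of wrapping or exceeding limit. */
static int add_mul(uint32_t *acc, uint32_t n, uint32_t elem, uint32_t limit) {
    if (n > (limit - *acc) / elem) return -1;
    *acc += n * elem;
    return 0;
}

/* Checked size: returns 0 and sets *out, or -1 if the total exceeds limit. */
int tz_size_checked(const struct tz_counts *c, uint32_t limit, uint32_t *out) {
    uint32_t t = 0;
    if (add_mul(&t, c->time, 5, limit) || add_mul(&t, c->type, 6, limit) ||
        add_mul(&t, c->chars, 1, limit) || add_mul(&t, c->leap, 8, limit) ||
        add_mul(&t, c->isstd, 1, limit) || add_mul(&t, c->isutc, 1, limit))
        return -1;
    *out = t;
    return 0;
}
```

A loader that sizes its buffer from the unchecked result and then copies the claimed number of records writes past the allocation; the checked form rejects the file before any allocation is made.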
dividead.wordpress.com/2009/06/01/glibc-timezone-integer-overflow/
lists.grok.org.uk/pipermail/full-disclosure/2011-December/084452.html
sourceware.org/git/?p=glibc.git;a=commit;h=97ac2654b2d831acaa18a2b018b0736245903fd2
sourceware.org/ml/libc-alpha/2011-12/msg00037.html
access.redhat.com/errata/RHSA-2012:0058
access.redhat.com/errata/RHSA-2012:0125
access.redhat.com/errata/RHSA-2012:0126
access.redhat.com/security/cve/CVE-2009-5029
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=761245
rhn.redhat.com/errata/RHBA-2011-1179.html