An update for glibc is now available for Red Hat Enterprise Linux 6.5 AdvancedUpdate Support.Red Hat Product Security has rated this update as having a security impact ofModerate.

A Common Vulnerability Scoring System (CVSS) base score, which gives adetailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.
The glibc packages provide the standard C libraries (libc), POSIX threadlibraries (libpthread), standard math libraries (libm), and the name servicecache daemon (nscd) used by multiple programs on the system. Without theselibraries, the Linux system cannot function correctly.Security Fix(es):* It was discovered that, under certain circumstances, glibc’s getaddrinfo()function would send DNS queries to random file descriptors.

An attacker couldpotentially use this flaw to send DNS queries to unintended recipients,resulting in information disclosure or data loss due to the applicationencountering corrupted data. (CVE-2013-7423)
For details on how to apply this update, which includes the changes described inthis advisory, refer to:https://access.redhat.com/articles/11258For the update to take effect, all services linked to the glibc library must berestarted, or the system rebooted.Red Hat Enterprise Linux Server AUS (v. 6.5)

SRPMS:
glibc-2.12-1.132.el6_5.8.src.rpm
    MD5: e9049ea229e38a7c2c62ff80025e8d39SHA-256: 8d6eaf9a9ebfd95f41451ea73ee2c986ac0d1a64f5f5aff8b1721d6853e91f4d
 
x86_64:
glibc-2.12-1.132.el6_5.8.i686.rpm
    MD5: d44d1d1373995c13b2e92f9c130bb25bSHA-256: 7081dde413448f1f3b8377430b5e57f712293b49d033bdc88e43691dca422fd1
glibc-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 16856b57164c884bc40d0ad59a9bbe58SHA-256: 54575f6c3f69d12706851a23756849816e83e3a599216f856acfd3d309145655
glibc-common-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 59216de8816f02fb951c1b4916bc0e41SHA-256: d6262d83d9094d618a34ab53b55d1553f8446326d48cbf013d7fdedc16e54abc
glibc-debuginfo-2.12-1.132.el6_5.8.i686.rpm
    MD5: 159e61a37f5a13044ead91343189d0edSHA-256: eaf7f82fa7cdf9ef146c3b5c9eb3d8b1b733acce3586dbf16204019dd4764a2c
glibc-debuginfo-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 8dcefea682b96419a129f74af8fc114eSHA-256: f0a31218ba2e448f326b58872d0ef277d59539d8a2d6cdaeac907b52d57ebd35
glibc-debuginfo-common-2.12-1.132.el6_5.8.i686.rpm
    MD5: 46459fffb6344b2cf6837d3d8da2b475SHA-256: 75aacfd79408a134229904e2e16fb7f65b0894cf51c000cf88a59e843c9a9726
glibc-debuginfo-common-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 79cbe4e075b6032becb0d9ca1fc89738SHA-256: b03cd1e16109c55f6713114666757fbddd8a6dfb9709493b1189690e60aa47e0
glibc-devel-2.12-1.132.el6_5.8.i686.rpm
    MD5: 35940bb7af09a4639e1db3c124e3c7e9SHA-256: 11f3aba89d40e413035880b45fe7db8dd4650c98deaf2246c0bd050e64989203
glibc-devel-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 23c9e2abb92d8579bf193b17260063e0SHA-256: b45543690a7db496db964171c53745f5fb090215d5bb355aa9014ca31862b725
glibc-headers-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: f039ce8738929d2936e95002ed58e100SHA-256: d464808d249acafde2ebb47d1ebc4657b950c07acbbe8fc445bd338a7c5b7a73
glibc-static-2.12-1.132.el6_5.8.i686.rpm
    MD5: 139395413f4e3b4613daffa2fa73fa0dSHA-256: d5445e9df6fc0c017cf00cf60c6f68bc7277c60584017a1b527e4b59d55ae6b7
glibc-static-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 5429c462bf4293a74b54c864fb4e1924SHA-256: e8afe84fa9855cf76d6dfd9956943c3239b2a3139ca5d1214f2118fe9fb3fbac
glibc-utils-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: 569018db6eb719d426c29d11c027e7ffSHA-256: 81892bfd7aa48f8ce9b6895df1acc5c95b7df5f02a5149bb0dfeb5d87f171df1
nscd-2.12-1.132.el6_5.8.x86_64.rpm
    MD5: ddc4ecca90fb6794f8c1493a794d7d88SHA-256: 278ad1b2d053f135f60876d944419eeb307b2ed361db20c08313ac1781e6d43d
 
(The unlinked packages above are only available from the Red Hat Network)

1187109 – CVE-2013-7423 glibc: getaddrinfo() writes DNS queries to random file descriptors under high load1339960 – CVE-2013-7423 glibc: getaddrinfo() sends DNS queries to random file descriptors [rhel-6.5.z]

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from: