Multiple vulnerabilities was discovered and fixed in glibc: Multiple integer overflows in the strfmon implementation in the GNU C Library 2.10.1 and earlier allow context-dependent attackers to cause a denial of service via a crafted format string, as demonstrated by a crafted first argument to the money_format function in PHP, a related issue to CVE-2008-1391 . Integer overflow in the __vstrfmon_l function in stdlib/strfmon_l.c in the strfmon implementation in the GNU C Library before 2.10.1 allows context-dependent attackers to cause a denial of service via a crafted format string, as demonstrated by the %99999999999999999999n string, a related issue to CVE-2008-1391 . nis/nss_nis/nis-pwd.c in the GNU C Library 2.7 and Embedded GLIBC 2.10.2 adds information from the passwd.adjunct.byname map to entries in the passwd map, which allows remote attackers to obtain the encrypted passwords of NIS accounts by calling the getpwnam function . The encode_name macro in misc/mntent_r.c in the GNU C Library 2.11.1 and earlier, as used by ncpmount and mount.cifs, does not properly handle newline characters in mountpoint names, which allows local users to cause a denial of service , or possibly modify mount options and gain privileges, via a crafted mount request . Integer signedness error in the elf_get_dynamic_info function in elf/dynamic-link.h in ld.so in the GNU C Library 2.0.1 through 2.11.1, when the --verify option is used, allows user-assisted remote attackers to execute arbitrary code via a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header . Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program