Multiple vulnerabilities was discovered and fixed in glibc: Multiple untrusted search path vulnerabilities in elf/dl-object.c in certain modified versions of the GNU C Library , including glibc-2.5-49.el5_5.6 and glibc-2.12-1.7.el6_0.3 in Red Hat Enterprise Linux, allow local users to gain privileges via a crafted dynamic shared object in a subdirectory of the current working directory during execution of a setuid or setgid program that has in RPATH or RUNPATH. NOTE: this issue exists because of an incorrect fix for CVE-2010-3847 . The GNU C Library before 2.12.2 and Embedded GLIBC allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long UTF8 string that is used in an fnmatch call, aka a stack extension attack, a related issue to CVE-2010-2898, as originally reported for use of this library by Google Chrome . The addmntent function in the GNU C Library 2.13 and earlier does not report an error status for failed attempts to write to the /etc/mtab file, which makes it easier for local users to trigger corruption of this file, as demonstrated by writes from a process with a small RLIMIT_FSIZE value, a different vulnerability than CVE-2010-0296 . locale/programs/locale.c in locale in the GNU C Library before 2.13 does not quote its output, which might allow local users to gain privileges via a crafted localization environment variable, in conjunction with a program that executes a script that uses the eval function . Integer overflow in posix/fnmatch.c in the GNU C Library 2.13 and earlier allows context-dependent attackers to cause a denial of service via a long UTF8 string that is used in an fnmatch call with a crafted pattern argument, a different vulnerability than CVE-2011-1071 . crypt_blowfish before 1.1, as used in glibc on certain platforms, does not properly handle 8-bit characters, which makes it easier for context-dependent attackers to determine a cleartext password by leveraging knowledge of a password hash . The updated packages have been patched to correct these issues.