MGASA-2012-0249
Date: | August 30th, 2012 |
Affected releases: | 1, 2 |
Description:
Updated gc packages fix security vulnerability:
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc
funtions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page
function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make
it easier for context-dependent attackers to perform memory-related
attacks such as buffer overflows via a large size value, which causes
less memory to be allocated than expected (CVE-2012-2673).
Updated Packages:
Mageia 1:
lib(64)gc1-7.1-7.1.mga1
lib(64)gc-devel-7.1-7.1.mga1
lib(64)gc-static-devel-7.1-7.1.mga1
Mageia 2:
lib(64)gc1-7.2-0.alpha6.3.1.mga2
lib(64)gc-devel-7.2-0.alpha6.3.1.mga2
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2673
http://www.ubuntu.com/usn/usn-1546-1/
https://bugs.mageia.org/show_bug.cgi?id=6652