Package name
gc
Date
2012-10-03
Advisory ID
MDVSA-2012:158
Affected versions
MES5 i586, 2011 i586, MES5 x86_64, 2011 x86_64

Problem description

A security issue was identified and fixed in gc:

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc
functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page
function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make
it easier for context-dependent attackers to perform memory-related
attacks such as buffer overflows via a large size value, which causes
less memory to be allocated than expected (CVE-2012-2673).

The updated packages have been patched to correct this issue.
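
The bug class described above, shown as an added example (not code from libgc or from this advisory): an unchecked size computation wraps and yields fewer bytes than requested, while a checked version refuses the request. All function names here are hypothetical, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Unchecked: the product wraps modulo SIZE_MAX + 1, so a huge request can yield a tiny byte count. */
static size_t unchecked_total(size_t n, size_t elem_size)
{
    return n * elem_size;
}

/* Checked multiply: returns 0 with *total set, or -1 if the product would wrap. */
static int checked_total(size_t n, size_t elem_size, size_t *total)
{
    if (elem_size != 0 && n > SIZE_MAX / elem_size)
        return -1;
    *total = n * elem_size;
    return 0;
}

/* Checked add, for allocators that pad a request with header or rounding bytes. */
static int checked_add(size_t size, size_t extra, size_t *out)
{
    if (size > SIZE_MAX - extra)
        return -1;
    *out = size + extra;
    return 0;
}

/* Hypothetical calloc-style wrapper that fails instead of under-allocating. */
static void *checked_calloc(size_t n, size_t elem_size)
{
    size_t total;
    if (checked_total(n, elem_size, &total) != 0)
        return NULL;
    void *p = malloc(total ? total : 1);
    if (p != NULL)
        memset(p, 0, total);
    return p;
}

int main(void)
{
    size_t padded, n = SIZE_MAX / 2 + 1;   /* constructed input: n * 2 wraps to 0 */
    printf("unchecked bytes: %zu\n", unchecked_total(n, 2));
    printf("checked_calloc:  %p\n", checked_calloc(n, 2));
    printf("padded add rejected: %d\n", checked_add(SIZE_MAX - 3, 8, &padded) != 0);
    return 0;
}
```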

Updated packages

MES5 i586

 4d2dc87cd0f10a438e98f38bf9f53d86  mes5/i586/libgc1-7.1-2.1mdvmes5.2.i586.rpm
 fa03fc646070e70d995f3f09d0121754  mes5/i586/libgc-devel-7.1-2.1mdvmes5.2.i586.rpm
 12278c7b66468f7d4bb8bbfbd3140e54  mes5/i586/libgc-static-devel-7.1-2.1mdvmes5.2.i586.rpm 
 04ee1a3f43fdc35db778f7173a78462a  mes5/SRPMS/gc-7.1-2.1mdvmes5.2.src.rpm

2011 i586

 ff80b2641fc3764b7ed98eb6a8b7310a  2011/i586/libgc1-7.1-8.1-mdv2011.0.i586.rpm
 85d77990548165fb44b9969ebaa37a08  2011/i586/libgc-devel-7.1-8.1-mdv2011.0.i586.rpm
 9a40880c129be459fab7610510bb3dea  2011/i586/libgc-static-devel-7.1-8.1-mdv2011.0.i586.rpm 
 3433f6fce39c37469114ce2e40770570  2011/SRPMS/gc-7.1-8.1.src.rpm

MES5 x86_64

 a0ba63a6646876564e4f67559213d785  mes5/x86_64/lib64gc1-7.1-2.1mdvmes5.2.x86_64.rpm
 76159b94d17a53b8946e61e87c7a474a  mes5/x86_64/lib64gc-devel-7.1-2.1mdvmes5.2.x86_64.rpm
 5a9475c338a052ad9b6b6cd2a29e89ac  mes5/x86_64/lib64gc-static-devel-7.1-2.1mdvmes5.2.x86_64.rpm 
 04ee1a3f43fdc35db778f7173a78462a  mes5/SRPMS/gc-7.1-2.1mdvmes5.2.src.rpm

2011 x86_64

 ac0a695e6ba1d01c58db329ac275e029  2011/x86_64/lib64gc1-7.1-8.1-mdv2011.0.x86_64.rpm
 2b73bed5897460c97e03a8bc4eb512c4  2011/x86_64/lib64gc-devel-7.1-8.1-mdv2011.0.x86_64.rpm
 ed2ca7c3c40648a6074e0a5990c49efa  2011/x86_64/lib64gc-static-devel-7.1-8.1-mdv2011.0.x86_64.rpm 
 3433f6fce39c37469114ce2e40770570  2011/SRPMS/gc-7.1-8.1.src.rpm

References