CVE-2012-2673 - Numeric Errors vulnerability in Boehm-Demers-Weiser Garbage Collector
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE
Summary
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-9637.NASL
description: Backport upstream fixes for memory allocation related overflows. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-06-28
plugin id: 59742
published: 2012-06-28
reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59742
title: Fedora 16 : gc-7.2b-2.fc16 (2012-9637)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2012-9637.
    #

    include("compat.inc");

    if (description)
    {
      script_id(59742);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2012-2673");
      script_xref(name:"FEDORA", value:"2012-9637");

      script_name(english:"Fedora 16 : gc-7.2b-2.fc16 (2012-9637)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Backport upstream fixes for memory allocation related overflows.
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=828878"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-June/082988.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?63e335f5"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:gc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/06/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/06/28");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC16", reference:"gc-7.2b-2.fc16")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gc");
    }

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0150.NASL
description: Updated gc packages that fix one security issue are now available for Red Hat Satellite Proxy 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Satellite Proxy provides a package-caching mechanism that reduces the bandwidth requirements for Red Hat Satellite and enables custom package deployment. Red Hat Satellite Proxy customers are able to cache RPM packages, such as are provided by Errata Updates from Red Hat, or custom RPM packages generated by their organization, on an internal, centrally-located server. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78997
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78997
title: RHEL 5 : gc in Satellite Server (RHSA-2014:0150)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2014:0150. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(78997);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/24 15:35:38");

      script_cve_id("CVE-2012-2673");
      script_bugtraq_id(54227);
      script_xref(name:"RHSA", value:"2014:0150");

      script_name(english:"RHEL 5 : gc in Satellite Server (RHSA-2014:0150)");
      script_summary(english:"Checks the rpm output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing a security update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated gc packages that fix one security issue are now available for
    Red Hat Satellite Proxy 5.6. The Red Hat Security Response Team has
    rated this update as having Moderate security impact. A Common
    Vulnerability Scoring System (CVSS) base score, which gives a detailed
    severity rating, is available from the CVE link in the References
    section. Red Hat Satellite Proxy provides a package-caching mechanism
    that reduces the bandwidth requirements for Red Hat Satellite and
    enables custom package deployment. Red Hat Satellite Proxy customers
    are able to cache RPM packages, such as are provided by Errata Updates
    from Red Hat, or custom RPM packages generated by their organization,
    on an internal, centrally-located server. gc is a Boehm-Demers-Weiser
    conservative garbage collector for C and C++. It was discovered that
    gc's implementation of the malloc() and calloc() routines did not
    properly perform parameter sanitization when allocating memory. If an
    application using gc did not implement application-level validity
    checks for the malloc() and calloc() routines, a remote attacker could
    provide specially crafted application-specific input, which, when
    processed by the application, could lead to an application crash or,
    potentially, arbitrary code execution with the privileges of the user
    running the application. (CVE-2012-2673) Users of Red Hat Network
    Proxy 5.6 are advised to upgrade to these updated packages, which
    contain a backported patch to correct this issue. For this update to
    take effect, Red Hat Network Proxy must be restarted. Refer to the
    Solution section for details."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-2673"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2014:0150"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected gc package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gc");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:5");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/02/10");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = eregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^5([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 5.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2014:0150";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;

      if (! (rpm_exists(release:"RHEL5", rpm:"spacewalk-admin-"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Satellite Server");

      if (rpm_check(release:"RHEL5", cpu:"s390x", reference:"gc-7.1-12.2.el5")) flag++;
      if (rpm_check(release:"RHEL5", cpu:"x86_64", reference:"gc-7.1-12.2.el5")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gc");
      }
    }

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-1500.NASL
description: Updated gc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 70755
published: 2013-11-05
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/70755
title: RHEL 6 : gc (RHSA-2013:1500)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:1500. The text
    # itself is copyright (C) Red Hat, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(70755);
      script_version("1.11");
      script_cvs_date("Date: 2019/10/24 15:35:37");

      script_cve_id("CVE-2012-2673");
      script_xref(name:"RHSA", value:"2013:1500");

      script_name(english:"RHEL 6 : gc (RHSA-2013:1500)");
      script_summary(english:"Checks the rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Updated gc packages that fix one security issue are now available for
    Red Hat Enterprise Linux 6. The Red Hat Security Response Team has
    rated this update as having moderate security impact. A Common
    Vulnerability Scoring System (CVSS) base score, which gives a detailed
    severity rating, is available from the CVE link in the References
    section. gc is a Boehm-Demers-Weiser conservative garbage collector
    for C and C++. It was discovered that gc's implementation of the
    malloc() and calloc() routines did not properly perform parameter
    sanitization when allocating memory. If an application using gc did
    not implement application-level validity checks for the malloc() and
    calloc() routines, a remote attacker could provide specially crafted
    application-specific input, which, when processed by the application,
    could lead to an application crash or, potentially, arbitrary code
    execution with the privileges of the user running the application.
    (CVE-2012-2673) Users of gc are advised to upgrade to these updated
    packages, which contain backported patches to correct this issue.
    Applications using gc must be restarted for the update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2013:1500"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2012-2673"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected gc, gc-debuginfo and / or gc-devel packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gc-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gc-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6.4");
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/07/25");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/04");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/11/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo))
    {
      rhsa = "RHSA-2013:1500";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : yum_report
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL6", reference:"gc-7.1-12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", reference:"gc-debuginfo-7.1-12.el6_4")) flag++;
      if (rpm_check(release:"RHEL6", reference:"gc-devel-7.1-12.el6_4")) flag++;

      if (flag)
      {
        security_report_v4(
          port     : 0,
          severity : SECURITY_WARNING,
          extra    : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gc / gc-debuginfo / gc-devel");
      }
    }

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2012-158.NASL
description: A security issue was identified and fixed in gc : Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected (CVE-2012-2673). The updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 62424
published: 2012-10-04
reporter: This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/62424
title: Mandriva Linux Security Advisory : gc (MDVSA-2012:158)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-1500.NASL
description: Updated gc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 70747
published: 2013-11-05
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/70747
title: CentOS 6 : gc (CESA-2013:1500)

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-1500.NASL
description: From Red Hat Security Advisory 2013:1500 : Updated gc packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 70754
published: 2013-11-05
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/70754
title: Oracle Linux 6 : gc (ELSA-2013-1500)

NASL family: Scientific Linux Local Security Checks
NASL id: SL_20131104_GC_ON_SL6_X.NASL
description: It was discovered that gc
last seen: 2020-03-18
modified: 2013-11-05
plugin id: 70756
published: 2013-11-05
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/70756
title: Scientific Linux Security Update : gc on SL6.x i386/x86_64 (20131104)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2014-0149.NASL
description: Updated gc packages that fix one security issue are now available for Red Hat Satellite 5.6. The Red Hat Security Response Team has rated this update as having Moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78996
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78996
title: RHEL 5 : spacewalk in Satellite Server (RHSA-2014:0149)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2013-245.NASL
description: It was discovered that gc
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 70907
published: 2013-11-14
reporter: This script is Copyright (C) 2013-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/70907
title: Amazon Linux AMI : gc (ALAS-2013-245)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-9556.NASL
description: Backport upstream fixes for memory allocation related overflows Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-06-28
plugin id: 59739
published: 2012-06-28
reporter: This script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/59739
title: Fedora 17 : gc-7.2b-2.fc17 (2012-9556)

NASL family: Ubuntu Local Security Checks
NASL id: UBUNTU_USN-1546-1.NASL
description: It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 61706
published: 2012-08-29
reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/61706
title: Ubuntu 8.04 LTS / 10.04 LTS / 11.04 / 11.10 / 12.04 LTS : libgc vulnerability (USN-1546-1)

References
- http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082926.html
- http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082988.html
- http://rhn.redhat.com/errata/RHSA-2013-1500.html
- http://rhn.redhat.com/errata/RHSA-2014-0149.html
- http://rhn.redhat.com/errata/RHSA-2014-0150.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:158
- http://www.openwall.com/lists/oss-security/2012/06/05/1
- http://www.openwall.com/lists/oss-security/2012/06/07/13
- http://www.securityfocus.com/bid/54227
- http://www.ubuntu.com/usn/USN-1546-1
- https://github.com/ivmai/bdwgc/blob/master/ChangeLog
- https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3
- https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb
- https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1
- https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a