Bug 6652 - gc new security issue CVE-2012-2673
Status: RESOLVED FIXED
Product: Mageia
Classification: Unclassified
Component: Security
Version: 2
Hardware: i586 Linux
Priority: Normal Severity: major
Target Milestone: ---
Assigned To: QA Team
URL: http://lwn.net/Vulnerabilities/504072/
Whiteboard: MGA1TOO MGA1-32-OK MGA1-64-OK MGA2-32...
Keywords: validated_update

Reported: 2012-07-01 19:44 CEST by David Walser
Modified: 2012-08-30 12:51 CEST (History)
Source RPM: gc-7.2-0.alpha6.3.mga2.src.rpm

Description David Walser 2012-07-01 19:44:08 CEST
Fedora has issued an advisory on June 16:
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/082926.html

Links to upstream patches on the RedHat bug:
https://bugzilla.redhat.com/show_bug.cgi?id=828878

Other fixes that may be of interest in the Fedora commit diff:
http://pkgs.fedoraproject.org/gitweb/?p=gc.git;a=commitdiff;h=16efc896b0ef30b04e91126c54b0f8ee28b00e75
Comment 1 Kamil Rytarowski 2012-07-04 21:37:30 CEST
I'm on it
Comment 2 Kamil Rytarowski 2012-07-07 13:40:52 CEST
Fixed in Cauldron
Comment 3 David Walser 2012-08-29 18:22:28 CEST
Ubuntu has issued an advisory for this on August 28:
http://www.ubuntu.com/usn/usn-1546-1/

They have patches for 7.1, which we have in Mageia 1.
Comment 4 David Walser 2012-08-29 19:41:51 CEST
Patched packages uploaded for Mageia 1 and Mageia 2.

Advisory:
========================

Updated gc packages fix security vulnerability:

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc
functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page
function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it
easier for context-dependent attackers to perform memory-related attacks
such as buffer overflows via a large size value, which causes less memory
to be allocated than expected (CVE-2012-2673).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2673
http://www.ubuntu.com/usn/usn-1546-1/
========================

Updated packages in core/updates_testing:
========================
libgc1-7.1-7.1.mga1
libgc-devel-7.1-7.1.mga1
libgc-static-devel-7.1-7.1.mga1
libgc1-7.2-0.alpha6.3.1.mga2
libgc-devel-7.2-0.alpha6.3.1.mga2

from SRPMS:
gc-7.1-7.1.mga1.src.rpm
gc-7.2-0.alpha6.3.1.mga2.src.rpm
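
Added example (not part of this bug report, and neither libgc's code nor the upstream patch): the class of bug the advisory describes, a size computation that wraps so that less memory is allocated than expected, shown beside overflow-checked versions. The function names, the 16-byte granule and the input values are assumptions made for illustration; the round-up case goes beyond the advisory's wording to show the same wrap on a single-size allocation path.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* All names here are hypothetical illustrations, not libgc functions. */
#define GRANULE ((size_t)16)  /* assumed allocation granule, power of two */

/* Byte count an unchecked calloc-style wrapper requests; wraps on overflow. */
size_t unchecked_total(size_t n, size_t elem) { return n * elem; }

/* Unchecked round-up to the granule; size + (GRANULE - 1) can wrap to a tiny value. */
size_t unchecked_round_up(size_t size) { return (size + (GRANULE - 1)) & ~(GRANULE - 1); }

/* Stores n * elem in *out and returns 1, or returns 0 if the product overflows. */
int checked_total(size_t n, size_t elem, size_t *out)
{
    if (elem != 0 && n > SIZE_MAX / elem)
        return 0;
    *out = n * elem;
    return 1;
}

/* Stores the rounded size in *out and returns 1, or returns 0 on overflow. */
int checked_round_up(size_t size, size_t *out)
{
    if (size > SIZE_MAX - (GRANULE - 1))
        return 0;
    *out = (size + (GRANULE - 1)) & ~(GRANULE - 1);
    return 1;
}

/* calloc-style allocator that fails instead of under-allocating. */
void *safe_calloc(size_t n, size_t elem)
{
    size_t total, rounded;
    if (!checked_total(n, elem, &total) || !checked_round_up(total, &rounded))
        return NULL;
    void *p = malloc(rounded ? rounded : GRANULE);
    if (p != NULL)
        memset(p, 0, rounded ? rounded : GRANULE);
    return p;
}

int main(void)
{
    size_t n = SIZE_MAX / 4 + 2;  /* constructed input: n * 4 exceeds SIZE_MAX */
    printf("unchecked total: %zu bytes\n", unchecked_total(n, 4));
    printf("safe_calloc: %s\n", safe_calloc(n, 4) ? "allocated" : "refused");
    return 0;
}
```
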
Comment 5 Dave Hodgins 2012-08-30 03:17:15 CEST
Testing complete on Mageia 1 i586 and x86-64.

Testing using inkscape under strace, confirming it's using the
library.
Comment 6 Dave Hodgins 2012-08-30 05:35:36 CEST
Testing complete on Mageia 2 i586 and x86-64.

Could someone from the sysadmin team push the srpm
gc-7.2-0.alpha6.3.1.mga2.src.rpm
from Mageia 2 Core Updates Testing to Core Updates and the srpm
gc-7.1-7.1.mga1.src.rpm
from Mageia 1 Core Updates Testing to Core Updates.

Advisory: Updated gc packages fix security vulnerability:

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc
functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page
function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it
easier for context-dependent attackers to perform memory-related attacks
such as buffer overflows via a large size value, which causes less memory
to be allocated than expected (CVE-2012-2673).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2673
http://www.ubuntu.com/usn/usn-1546-1/

https://bugs.mageia.org/show_bug.cgi?id=6652
Comment 7 Thomas Backlund 2012-08-30 12:51:58 CEST
Update pushed:
https://wiki.mageia.org/en/Support/Advisories/MGASA-2012-0249
