Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2012-2673

Published: 25 July 2012

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Priority

Medium

Status

Package Release Status
libgc
Launchpad, Ubuntu, Debian 		hardy
Released (1:6.8-1.1ubuntu0.1)
lucid
Released (1:6.8-1.2ubuntu1.1)
natty
Released (1:6.8-1.2ubuntu3.2)
oneiric
Released (1:7.1-8ubuntu0.11.10.1)
precise
Released (1:7.1-8ubuntu0.12.04.1)
upstream Needs triage

Patches:
other: https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1
other: https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a
other: https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3
other: https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb
other: http://anonscm.debian.org/gitweb/?p=collab-maint/libgc.git;a=commitdiff;h=4dd893dc29bdf10a61734cfc863ec035364c72e7

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading