A security flaw was found in the way the malloc() and calloc() routine implementations of gc, a Boehm-Demers-Weiser conservative garbage collector, performed parameter sanitization when allocating memory. If an application using the gc collector was missing application-level malloc() and calloc() routine parameter validity checks, a remote attacker could provide a specially-crafted application-specific input file that, when opened in that application, would lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.

CVE request:
[1] www.openwall.com/lists/oss-security/2012/06/05/1

Upstream patches:
A) malloc() size overflow check
[2] https://github.com/ivmai/bdwgc/commit/be9df82919960214ee4b9d3313523bff44fd99e1
B) calloc() size overflow check
[3] https://github.com/ivmai/bdwgc/commit/e10c1eb9908c2774c16b3148b30d2f3823d66a9a
[4] https://github.com/ivmai/bdwgc/commit/6a93f8e5bcad22137f41b6c60a1c7384baaec2b3
[5] https://github.com/ivmai/bdwgc/commit/83231d0ab5ed60015797c3d1ad9056295ac3b2bb

References:
[6] http://kqueue.org/blog/2012/03/05/memory-allocator-security-revisited/
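The class of size overflow described in the report above, as an added example that is not part of the original report and is not the bdwgc code or its patches: an unchecked calloc()-style multiplication beside a checked one, plus a check on the allocator's own size rounding. The function names and the 16-byte GRANULE are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed allocation granule for this example (hypothetical, not bdwgc's value). */
#define GRANULE ((size_t)16)

/* Unchecked form: n * size wraps modulo SIZE_MAX + 1, so a huge request
 * can turn into a tiny byte count that the allocator then serves. */
size_t unchecked_calloc_bytes(size_t n, size_t size)
{
    return n * size;
}

/* Checked form: returns 1 and stores the product, or 0 if it would overflow. */
int checked_calloc_bytes(size_t n, size_t size, size_t *out)
{
    if (size != 0 && n > SIZE_MAX / size)
        return 0;
    *out = n * size;
    return 1;
}

/* malloc-side check: rounding a request up to the granule adds GRANULE - 1,
 * which can also wrap for sizes close to SIZE_MAX. */
int checked_round_up(size_t bytes, size_t *out)
{
    if (bytes > SIZE_MAX - (GRANULE - 1))
        return 0;
    *out = (bytes + GRANULE - 1) & ~(GRANULE - 1);
    return 1;
}

/* Combined sizing step a calloc() wrapper would run before allocating. */
int safe_calloc_size(size_t n, size_t size, size_t *out)
{
    size_t bytes;
    return checked_calloc_bytes(n, size, &bytes) && checked_round_up(bytes, out);
}

int main(void)
{
    size_t n = SIZE_MAX / 2 + 2, out = 0;  /* constructed oversized element count */
    printf("unchecked: %zu bytes\n", unchecked_calloc_bytes(n, 2));
    printf("checked:   %s\n", safe_calloc_size(n, 2, &out) ? "ok" : "rejected");
    return 0;
}
```
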
This issue affects the version of the gc package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the gc package, as shipped with Fedora releases 15, 16, and 17. Please schedule an update.

--

This issue affects the version of the gc package, as shipped with Fedora EPEL 5. Please schedule an update.
Created gc tracking bugs for this issue

Affects: fedora-all [bug 828881]
Affects: epel-5 [bug 828882]
The CVE identifier of CVE-2012-2673 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/06/07/13
gc-7.2b-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
gc-7.2b-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:1500 https://rhn.redhat.com/errata/RHSA-2013-1500.html
This issue has been addressed in following products:

Red Hat Satellite Proxy v 5.6

Via RHSA-2014:0150 https://rhn.redhat.com/errata/RHSA-2014-0150.html
This issue has been addressed in following products:

Red Hat Satellite Server v 5.6

Via RHSA-2014:0149 https://rhn.redhat.com/errata/RHSA-2014-0149.html