This service will be undergoing maintenance at 00:00 UTC, 2017-10-23 It is expected to last about 30 minutes
Bug 828881 - gc: malloc() and calloc() overflows [fedora-all]
gc: malloc() and calloc() overflows [fedora-all]
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: gc (Show other bugs)
16
All Linux
medium Severity medium
: ---
: ---
Assigned To: Rex Dieter
Fedora Extras Quality Assurance
: Security, SecurityTracking
Depends On:
Blocks: CVE-2012-2673
  Show dependency treegraph
 
Reported: 2012-06-05 10:21 EDT by Jan Lieskovsky
Modified: 2012-08-22 08:23 EDT (History)
4 users (show)

See Also:
Fixed In Version: gc-7.2b-2
Doc Type: Release Note
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2012-08-22 08:23:53 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2012-06-05 10:21:18 EDT
This is an automatically created tracking bug!  It was created to ensure
that one or more security vulnerabilities are fixed in affected Fedora
versions.

For comments that are specific to the vulnerability please use bugs filed
against "Security Response" product referenced in the "Blocks" field.

For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs

When creating a Bodhi update request, please include this bug ID and the
bug IDs of this bug's parent bugs filed against the "Security Response"
product (the top-level CVE bugs).  Please mention the CVE IDs being fixed
in the RPM changelog when available.

Bodhi update submission link:
https://admin.fedoraproject.org/updates/new/?type_=security&bugs=828878

Please note: this issue affects multiple supported versions of Fedora.
Only one tracking bug has been filed; please ensure that it is only closed
when all affected versions are fixed.


[bug automatically created by: add-tracking-bugs]
Comment 1 Rex Dieter 2012-06-11 10:45:05 EDT
fyi, 

I've been secretly waiting for upstream to release gc-7.2c (prior 7.2 releases contained a minor regression), I'll try pinging them today

If they don't act soonish (say, by mid week), i'll just pull down the .c patches from git and apply against 7.2b
Comment 2 Paulo Andrade 2012-06-11 11:50:11 EDT
(In reply to comment #1)
> fyi, 
> 
> I've been secretly waiting for upstream to release gc-7.2c (prior 7.2
> releases contained a minor regression), I'll try pinging them today
> 
> If they don't act soonish (say, by mid week), i'll just pull down the .c
> patches from git and apply against 7.2b

Me too waiting for 7.2c, with patches to make ecl work again.
If you do submit a package while waiting for 7.2c, could just fetch head of gc-7_2-hotfix-2 (https://github.com/ivmai/bdwgc/branches), or please add the commits
https://github.com/ivmai/bdwgc/commit/4be945a80fe79d6357e2a5525aa6aea4d8a514c1
and
https://github.com/ivmai/bdwgc/commit/5563e13d2b1b5c063bdabe720303d8068a07dcae

I made an almost identical patch as the above ones, with the difference that I had added definitions to public headers, but symbols should only be made visible in 7.2 api (7.3 will export some if not all those symbols used by ecl).
Comment 3 Fedora Update System 2012-06-16 12:40:10 EDT
gc-7.2b-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/gc-7.2b-2.fc17
Comment 4 Rex Dieter 2012-08-22 08:23:53 EDT
fyi, 
gc-7.2b-2.fc16 went to stable updates 2012-06-28 03:44:17
gc-7.2b-2.fc17 went to stable updates 2012-06-28 03:22:23

looks like bodhi missed autoclosing this.

Note You need to log in before you can comment on or make changes to this bug.