Mandriva Update For Gc MDVSA-2012:158 (gc) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A security issue was identified and fixed in gc: Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc funtions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected (CVE-2012-2673). The updated packages have been patched to correct this issue.

Affected

gc on Mandriva Linux 2011.0, Mandriva Enterprise Server 5.2

Severity

Classification

CVE CVE-2012-2673

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:040 (dia)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:123 (opensc)
Mandrake Security Advisory MDVSA-2009:092 (ntp)
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)

Mandriva Update for gc MDVSA-2012:158 (gc)

Take action and discover your vulnerabilities