Upstream information

CVE-2012-2673 at MITRE

Description

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
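
The bug class described above, as an added example that is not libgc code and not part of the original advisory: a size computation that wraps and yields a smaller allocation than requested, beside an overflow-checked form that fails closed. It generalizes from the calloc multiplication to a size round-up step; GRANULE, safe_calloc and the other helper names are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define GRANULE 16u /* constructed alignment unit, not libgc's value */

/* Unchecked forms of the bug class: both wrap modulo SIZE_MAX + 1. */
static size_t unchecked_mul(size_t n, size_t size) { return n * size; }
static size_t unchecked_round_up(size_t lb) {
    return (lb + (GRANULE - 1)) & ~(size_t)(GRANULE - 1);
}

/* Checked forms: return 1 and store the result, or 0 if it would wrap. */
static int checked_mul(size_t n, size_t size, size_t *out) {
    if (size != 0 && n > SIZE_MAX / size) return 0;
    *out = n * size;
    return 1;
}
static int checked_round_up(size_t lb, size_t *out) {
    if (lb > SIZE_MAX - (GRANULE - 1)) return 0;
    *out = (lb + (GRANULE - 1)) & ~(size_t)(GRANULE - 1);
    return 1;
}

/* Hypothetical calloc-style wrapper that refuses any wrapped size. */
static void *safe_calloc(size_t n, size_t size) {
    size_t total, rounded;
    if (!checked_mul(n, size, &total)) return NULL;
    if (!checked_round_up(total, &rounded)) return NULL;
    void *p = malloc(rounded ? rounded : GRANULE);
    if (p != NULL) memset(p, 0, rounded);
    return p;
}

int main(void) {
    size_t n = SIZE_MAX / 2 + 1; /* constructed large element count */
    printf("unchecked n*2 bytes:  %zu\n", unchecked_mul(n, 2));
    printf("unchecked round-up:   %zu\n", unchecked_round_up(SIZE_MAX - 3));
    printf("safe_calloc(n, 2):    %s\n", safe_calloc(n, 2) ? "allocated" : "refused");
    return 0;
}
```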

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 5
  Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: Partial
  Availability Impact: None

SUSE Bugzilla entry: 765444 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libgc1 >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libgc1
SUSE Linux Enterprise Desktop 12 SP1
  • libgc1 >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libgc1
SUSE Linux Enterprise Desktop 12 SP2
  • libgc1 >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libgc1
SUSE Linux Enterprise Desktop 12 SP3
  • libgc1 >= 7.2d-5.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libgc1
SUSE Linux Enterprise Desktop 12 SP4
  • libgc1 >= 7.2d-5.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP4 GA libgc1
SUSE Linux Enterprise Module for Basesystem 15
  • gc-devel >= 7.6.4-1.16
  • libgc1 >= 7.6.4-1.16
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA gc-devel
SUSE Linux Enterprise Server 12
  • libgc1 >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Server 12 GA libgc1
SUSE Linux Enterprise Server 12 SP1
  • libgc1 >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libgc1
SUSE Linux Enterprise Server 12 SP2
  • libgc1 >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libgc1
SUSE Linux Enterprise Server 12 SP3
  • libgc1 >= 7.2d-5.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libgc1
SUSE Linux Enterprise Server 12 SP4
  • libgc1 >= 7.2d-5.1
Patchnames:
SUSE Linux Enterprise Server 12 SP4 GA libgc1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libgc1 >= 7.2d-3.75
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libgc1
SUSE Linux Enterprise Software Development Kit 12
  • gc-devel >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA gc-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • gc-devel >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA gc-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • gc-devel >= 7.2d-3.77
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA gc-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • gc-devel >= 7.2d-5.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA gc-devel
SUSE Linux Enterprise Software Development Kit 12 SP4
  • gc-devel >= 7.2d-5.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP4 GA gc-devel
openSUSE Leap 15.0
  • libgc1 >= 7.6.4-lp150.1.1
Patchnames:
openSUSE Leap 15.0 GA libgc1
openSUSE Leap 42.1
  • libgc1 >= 7.2d-5.1
Patchnames:
openSUSE Leap 42.1 GA libgc1
openSUSE Leap 42.2
  • libgc1 >= 7.2d-6.4
Patchnames:
openSUSE Leap 42.2 GA libgc1
openSUSE Leap 42.3
  • libgc1 >= 7.2d-11.3
Patchnames:
openSUSE Leap 42.3 GA libgc1
openSUSE Tumbleweed
  • gc-devel >= 7.4.2-3.5
  • libgc1 >= 7.4.2-3.5
Patchnames:
openSUSE Tumbleweed GA gc-devel