gc-7.1-12.AXS4
エラータID: AXSA:2014-020:01
リリース日:
2014/03/07 Friday - 10:56
題名:
gc-7.1-12.AXS4
影響のあるチャネル:
Asianux Server 4 for x86
Asianux Server 4 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Boehm-Demers-Weiser GC (libgc) の malloc.c の (1) GC_generic_malloc と (2) calloc 関数,mallocx.c の (3) GC_generic_malloc_ignore_off_page 関数には複数の整数オーバーフローが存在し,大きな値によって,攻撃者がバッファーオーバーフローのようなメモリ関連の攻撃を行う脆弱性があります。(CVE-2012-2673)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2012-2673
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc functions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.
追加情報:
N/A
ダウンロード:
SRPMS
- gc-7.1-12.AXS4.src.rpm
MD5: 9c9c52559be3aef8b1831082c90cec2d
SHA-256: 2f9f0b9e5e29a92745aa6d3ef0c8dda911404b24fe6178247d6748e33605e96a
Size: 1.04 MB
Asianux Server 4 for x86
- gc-7.1-12.AXS4.i686.rpm
MD5: e17732aadfd9d3fd5562d0fc188d033d
SHA-256: a2ee7d4f078bde6065a0ca9386a5b214e57b307ece8d4f8bd591448df1145c02
Size: 141.62 kB
Asianux Server 4 for x86_64
- gc-7.1-12.AXS4.x86_64.rpm
MD5: 615ed84655af458c1b1dd79d45a75f78
SHA-256: f081fc65e38528b97589611062432b1e53ae01db1780bc6ed4cd70141450ec25
Size: 145.69 kB