Red Hat Security Advisory 2014-0149-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructures. It allows for provisioning, remote management and monitoring of multiple Linux deployments with a single, centralized tool. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
ab1869eb40905173521dfa2bc8d078041565cdaee5692e209da56b9fa3326e69Red Hat Security Advisory 2014-0150-01 - Red Hat Satellite Proxy provides a package-caching mechanism that reduces the bandwidth requirements for Red Hat Satellite and enables custom package deployment. Red Hat Satellite Proxy customers are able to cache RPM packages, such as are provided by Errata Updates from Red Hat, or custom RPM packages generated by their organization, on an internal, centrally-located server. gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
669c9c9c11aecff1cc8081c8a4033c22fd3a1f755e68e73dbf6986a6047a5bbbRed Hat Security Advisory 2013-1500-01 - gc is a Boehm-Demers-Weiser conservative garbage collector for C and C++. It was discovered that gc's implementation of the malloc() and calloc() routines did not properly perform parameter sanitization when allocating memory. If an application using gc did not implement application-level validity checks for the malloc() and calloc() routines, a remote attacker could provide specially crafted application-specific input, which, when processed by the application, could lead to an application crash or, potentially, arbitrary code execution with the privileges of the user running the application.
98163433f0f4fa97f8a768c780a3779f28965a348ea070cf769d1d97cbff3ca1Mandriva Linux Security Advisory 2012-158 - Multiple integer overflows in the calloc functions in malloc.c, and the GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected. The updated packages have been patched to correct this issue.
88b0f00c58533372ad08311ae93c93dc5a627ff295fd192460b3e451c48ae741Ubuntu Security Notice 1546-1 - It was discovered that multiple integer overflows existed in the malloc and calloc implementations in the Boehm-Demers-Weiser garbage collecting memory allocator (libgc). These could allow an attacker to cause a denial of service or possibly execute arbitrary code.
58991ae1377d34f2cb65a2637dac82551f96bcf8a96f7a256a0430749a93efad
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed