Professional OVAL Repository

[Eng] [Rus] [Sign-In]

oval:org.mitre.oval:def:21261

Version

Class

patch

ALTXid

37283

Language

English

Severity

NotAvailable

Title

RHSA-2013:1500: gc security update (Moderate)

Description

Multiple integer overflows in the (1) GC_generic_malloc and (2) calloc funtions in malloc.c, and the (3) GC_generic_malloc_ignore_off_page function in mallocx.c in Boehm-Demers-Weiser GC (libgc) before 7.2 make it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which causes less memory to be allocated than expected.

Family

unix

Platform

Product

OVAL Repository

Status: ACCEPTED
Status: ACCEPTED
- 2014-01-09T13:03:25 : submitted
  - ALTX-SOFT Sergey Artykhov
- 2014-01-10T12:56:49.712-05:00 : status_change DRAFT
- 2014-01-27T04:01:24.021-05:00 : status_change INTERIM
- 2014-02-17T04:01:37.352-05:00 : status_change ACCEPTED

Reference

VENDOR: RHSA-2013:1500-00

CESA: CESA-2013:1500
CESA: CESA-2013:1500

Id: CESA-2013:1500

CVE: CVE-2012-2673

Criteria

Expand All

Collapse All

AND

OR	Redhat 6 or Centos 6 release

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:20273) The operating system installed on the system is Red Hat Enterprise Linux 6

EXTENDED DEFINITION (ID = oval:org.mitre.oval:def:16337) The operating system installed on the system is CentOS Linux 6.x

OR Packages section
- CRITERION gc-devel is earlier than 0:7.1-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91620) check=at least one, check_existence=at_least_one_exists, comment=gc-devel is earlier than 0:7.1-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:4749)
      name gc-devel
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25652)
      evr datatype=evr_string | operation=less than | value=0:7.1-12.el6_4
- CRITERION gc is earlier than 0:7.1-12.el6_4
  - RPMINFO_TEST (ID = oval:org.mitre.oval:tst:91689) check=at least one, check_existence=at_least_one_exists, comment=gc is earlier than 0:7.1-12.el6_4, version=2
    - rpminfo_object (ID = oval:org.mitre.oval:obj:29230)
      name gc
    - rpminfo_state (ID = oval:org.mitre.oval:ste:25652)
      evr datatype=evr_string | operation=less than | value=0:7.1-12.el6_4


	2008-2021, © AO ALTEX-SOFT , ovaldb@altx-soft.com OVAL and the OVAL logo are registered trademarks of The MITRE Corporation. Other names may be trademarks of their respective owners.

Access vector:	NONE
Access complexity:	LOW
Authentication:	NONE
Confidentiality impact:	NONE
Integrity impact:	PARTIAL
Availability impact:	NONE