USN-1546-1: libgc vulnerability

Ubuntu Security Notice USN-1546-1

28th August, 2012

libgc vulnerability

A security issue affects these releases of Ubuntu and its derivatives:

Ubuntu 12.04 LTS
Ubuntu 11.10
Ubuntu 11.04
Ubuntu 10.04 LTS
Ubuntu 8.04 LTS

Summary

Applications using libgc could be made to crash or run arbitrary programs as your login.

Software description

libgc - Boehm-Demers-Weiser garbage collecting storage allocator library

Details

It was discovered that multiple integer overflows existed in the
malloc and calloc implementations in the Boehm-Demers-Weiser garbage
collecting memory allocator (libgc). These could allow an attacker
to cause a denial of service or possibly execute arbitrary code.

Update instructions

The problem can be corrected by updating your system to the following package version:

Ubuntu 12.04 LTS:: libgc1c2 1:7.1-8ubuntu0.12.04.1
Ubuntu 11.10:: libgc1c2 1:7.1-8ubuntu0.11.10.1
Ubuntu 11.04:: libgc1c2 1:6.8-1.2ubuntu3.2
Ubuntu 10.04 LTS:: libgc1c2 1:6.8-1.2ubuntu1.1
Ubuntu 8.04 LTS:: libgc1c2 1:6.8-1.1ubuntu0.1

To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades.

In general, a standard system update will make all the necessary changes.

References

CVE-2012-2673