Bug 1011276 - (CVE-2016-9427) VUL-0: CVE-2016-9427: gc: integer overflow in GC_MALLOC_ATOMIC
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
Assigned To: Security Team bot
CVSSv2:SUSE:CVE-2016-9427:4.3:(AV:N/A...
Depends on:
Blocks: 1011293
Reported: 2016-11-21 12:04 UTC by Alexander Bergmann
Modified: 2016-12-16 18:07 UTC

Description Alexander Bergmann 2016-11-21 12:04:22 UTC
w3m: multiple vulnerabilities
http://seclists.org/oss-sec/2016/q4/452

integer overflow in GC_MALLOC_ATOMIC

Issue: https://github.com/ivmai/bdwgc/issues/135
Comment 1 Thomas Blume 2016-11-21 13:31:00 UTC
Upstream commit:

commit 5fb44be9a60f13a643c9949ca0c451609c91028e
Author: Tatsuya Kinoshita <tats@debian.org>
Date:   Fri Nov 18 23:29:47 2016 +0900

    Add CVE IDs
    
    cf. https://security-tracker.debian.org/tracker/source-package/w3m
        http://seclists.org/oss-sec/2016/q4/452
Comment 2 Swamp Workflow Management 2016-11-21 22:58:31 UTC
bugbot adjusting priority
Comment 4 Swamp Workflow Management 2016-12-08 13:16:14 UTC
SUSE-SU-2016:3057-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1011276
CVE References: CVE-2016-9427
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP2 (src):    gc-7.2d-5.1
SUSE Linux Enterprise Software Development Kit 12-SP1 (src):    gc-7.2d-5.1
SUSE Linux Enterprise Server for Raspberry Pi 12-SP2 (src):    gc-7.2d-5.1
SUSE Linux Enterprise Server 12-SP2 (src):    gc-7.2d-5.1
SUSE Linux Enterprise Server 12-SP1 (src):    gc-7.2d-5.1
SUSE Linux Enterprise Desktop 12-SP2 (src):    gc-7.2d-5.1
SUSE Linux Enterprise Desktop 12-SP1 (src):    gc-7.2d-5.1
Comment 5 Andreas Stieger 2016-12-13 20:54:46 UTC
release openSUSE, done
Comment 6 Andreas Stieger 2016-12-13 21:11:39 UTC
This was never submitted for openSUSE 13.2 although being source identical. Copied.
Comment 7 Bernhard Wiedemann 2016-12-13 23:00:32 UTC
This is an autogenerated message for OBS integration:
This bug (1011276) was mentioned in
https://build.opensuse.org/request/show/445657 13.2 / gc
Comment 8 Swamp Workflow Management 2016-12-14 00:12:14 UTC
openSUSE-SU-2016:3126-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1011276
CVE References: CVE-2016-9427
Sources used:
openSUSE Leap 42.2 (src):    gc-7.2d-8.1
openSUSE Leap 42.1 (src):    gc-7.2d-7.1
Comment 9 Andreas Stieger 2016-12-16 14:22:03 UTC
release 13.2, done
Comment 10 Swamp Workflow Management 2016-12-16 18:07:23 UTC
openSUSE-SU-2016:3177-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1011276
CVE References: CVE-2016-9427
Sources used:
openSUSE 13.2 (src):    gc-7.2d-4.3.1