Debian 10260 Published by

A libgc security update has been released for Debian GNU/Linux 8 Extended LTS to address integer overflows in multiple places.



ELA-589-1 libgc security update

Package libgc
Version 1:7.2d-6.4+deb8u1
Related CVEs CVE-2016-9427

libgc, a conservative garbage collector, is vulnerable to integer overflows in multiple places. In some cases, when asked to allocate a huge quantity of memory, instead of failing the request, it will return a pointer to a small amount of memory possibly tricking the application into a buffer overwrite.

For Debian 8 jessie, these problems have been fixed in version 1:7.2d-6.4+deb8u1.

We recommend that you upgrade your libgc packages.

Further information about Extended LTS security advisories can be found at: https://deb.freexian.com/extended-lts/

  ELA-589-1 libgc security update