Red Hat Security Blog: October 2012 archives

  • Array allocation in C++

    This technical article covers a subtlety in C++ array allocation and how we changed the GNU C++ compiler to deal with it properly. When a programmer writes T *p = new T[3];the C++ compiler allocates room for at least three copies of objects of type T on the heap. These objects require 3 * sizeof(T) bytes. For this example, assume sizeof(T) is 12, then it is straightforward to allocate 36 bytes (for example, using malloc). But what happens if the array length is 3937053355 (or...
    Posted 2012-10-31T13:00:31+00:00 - 0
  • What defines a security issue?

    When dealing with developers, this question comes up fairly often: Is this bug a security issue? It is not always obvious if a bug is a security flaw or not. The reality is that the line is quite gray when it comes to deciding if something is a security flaw or not. It depends on a lot of factors, many of which are complicated and confusing. Consider the following example: CVE-2012-1182 describes a problem in Samba where a remote attacker could run arbitrary code as root. This is a fancy way of...
    Posted 2012-10-17T13:00:52+00:00 - 0
  • Enterprise Linux 6.2 to 6.3 risk report

    Red Hat Enterprise Linux 6.3 was released in June 2012, six months since the release of 6.2 in December 2011. So let's use this opportunity to take a quick look back over the vulnerabilities and security updates made in that time, specifically for Red Hat Enterprise Linux 6 Server. Errata count The chart below illustrates the total number of security updates issued for Red Hat Enterprise Linux 6 Server if you had installed 6.2, up to and including the 6.3 release, broken down by severity. It's...
    Posted 2012-10-03T13:00:38+00:00 - 0