Advisories ยป MGASA-2014-0030

Updated libmicrohttpd package fixes security vulnerabilities

Publication date: 31 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-7038 , CVE-2013-7039

Description

The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow
remote attackers to obtain sensitive information or cause a denial of
service (crash) via unspecified vectors that trigger an out-of-bounds read
(CVE-2013-7038).

Stack-based buffer overflow in the MHD_digest_auth_check function in
libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is
set to a large value, allows remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a long URI in an
authentication header (CVE-2013-7039).
                

References

SRPMS

3/core