Updated apt packages fix security vulnerability
Publication date: 12 Nov 2014
Modification date: 12 Nov 2014
Type: security
Affected Mageia releases: 3, 4
CVE: CVE-2014-6273
Description
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle an HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary code execution (CVE-2014-6273).
Also fixed is parsing of Mageia package index "synthesis" files with lines longer than 64k characters. This is necessary for upgrading to the "cauldron" development distro that will become Mageia 5. Note, however, that upgrading from Mageia 3 to Mageia 5 will not be supported.
SRPMS
3/core
- apt-0.5.15lorg3.94-9.2.mga3
4/core
- apt-0.5.15lorg3.94-11.2.mga4
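To audit a fleet against the fixed builds listed above, the following added example (not part of the advisory or of Mageia's tooling) compares installed apt version-release strings with the SRPMS versions using a simplified rpm-style comparison. The inventory rows, hostnames and pre-fix release strings are constructed, and tilde/caret handling and epochs are assumed absent.

```python
import re

# Fixed builds from the advisory's SRPMS list (Mageia release -> version-release).
FIXED = {
    "3": "0.5.15lorg3.94-9.2.mga3",
    "4": "0.5.15lorg3.94-11.2.mga4",
}

_SEGMENT = re.compile(r"[0-9]+|[A-Za-z]+")


def rpmvercmp(a, b):
    """Simplified rpm segment comparison; returns -1, 0 or 1.
    Assumption: no tilde/caret markers in the strings being compared."""
    sa, sb = _SEGMENT.findall(a), _SEGMENT.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            # A numeric segment always sorts newer than an alphabetic one.
            return 1 if x.isdigit() else -1
        if x.isdigit():
            x, y = int(x), int(y)  # numeric compare, so 10 > 2
        if x != y:
            return 1 if x > y else -1
    # All shared segments are equal: the string with extra segments is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))


def is_fixed(mageia_release, installed_vr):
    """True if the installed apt build is at or above the advisory's fixed build."""
    fixed_v, _, fixed_r = FIXED[mageia_release].rpartition("-")
    inst_v, _, inst_r = installed_vr.rpartition("-")
    return (rpmvercmp(inst_v, fixed_v) or rpmvercmp(inst_r, fixed_r)) >= 0


# Constructed inventory: (host, Mageia release, output of
# rpm -q --qf '%{VERSION}-%{RELEASE}' apt). Hosts and old releases are made up.
INVENTORY = [
    ("build01", "3", "0.5.15lorg3.94-9.1.mga3"),
    ("build02", "3", "0.5.15lorg3.94-9.2.mga3"),
    ("desk07", "4", "0.5.15lorg3.94-11.mga4"),
    ("desk08", "4", "0.5.15lorg3.94-11.2.mga4"),
]


def unpatched(inventory):
    """Hosts whose apt package predates the fixed build for their release."""
    return [host for host, rel, vr in inventory if not is_fixed(rel, vr)]


if __name__ == "__main__":
    for host in unpatched(INVENTORY):
        print(f"{host}: apt predates the CVE-2014-6273 fix")
```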