Updated unrtf package fixes security vulnerabilities
Publication date: 19 Dec 2014Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9274 , CVE-2014-9275
Description
Updated unrtf package fixes security vulnerabilities: Michal Zalewski reported an out-of-bounds memory access vulnerability in unrtf. Processing a malformed RTF file could lead to a segfault while accessing a pointer that may be under the attacker's control. This would lead to a denial of service (application crash) or, potentially, the execution of arbitrary code (CVE-2014-9274). Hanno Böck also reported a number of other crashes in unrtf (CVE-2014-9275).
References
SRPMS
4/core
- unrtf-0.21.7-1.mga4