Advisories » MGASA-2015-0469

Updated libraw packages fix security vulnerabilities

Publication date: 10 Dec 2015
Modification date: 07 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2015-8366 , CVE-2015-8367

Description

Updated libraw packages fix security vulnerabilities:

It was found that smal_decode_segment function do not handle index carefully,
which may cause index overflow (CVE-2015-8366).

It was found that phase_one_correct function does not handle memory object's
initialization correctly, which may have unspecified impact (CVE-2015-8367).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17314
• https://lists.fedoraproject.org/pipermail/package-announce/2015-December/173363.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8366
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8367

SRPMS

5/core

• libraw-0.16.2-1.1.mga5