Advisories » MGASA-2016-0427

Updated libgsf packages fix security vulnerability

Publication date: 29 Dec 2016
Modification date: 29 Dec 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-9888

Description

An error within the "tar_directory_for_file()" function
(gsf-infile-tar.c) in GNOME Structured File Library before 1.14.41 can
be exploited to trigger a Null pointer dereference and subsequently
cause a crash via a crafted TAR file (CVE-2016-9888).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19932
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SNGPD6IEEBZDLN6EMGXQ2ATUACQSTOWQ/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9888

SRPMS

5/core

• libgsf-1.14.31-1.1.mga5