Advisories » MGASA-2017-0225

Updated libmtp and libgphoto packages fix security vulnerabilities

Publication date: 28 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-9831 , CVE-2017-9832

Description

An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
function of the ptp-pack.c file of libmtp and libgphoto allows attackers
to cause a denial of service (out-of-bounds memory access) or maybe
remote code execution by inserting a mobile device into a personal
computer through a USB cable (CVE-2017-9831).

An integer overflow vulnerability in ptp-pack.c
(ptp_unpack_OPL function) of libmtp and libgphoto allows attackers to
cause a denial of service (out-of-bounds memory access) or maybe remote
code execution by inserting a mobile device into a personal computer
through a USB cable (CVE-2017-9832).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21177
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/LTQ4RARXHHXXKCHPXONGT7HSMAQXNAVM/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9831
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9832

SRPMS

5/core

• libmtp-1.1.8-4.1.mga5
• libgphoto-2.5.7-1.2.mga5