Advisories ยป MGASA-2017-0426

Updated bchunk package fixes security vulnerabilities

Publication date: 26 Nov 2017
Modification date: 26 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15953 , CVE-2017-15954 , CVE-2017-15955

Description

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a
heap-based buffer overflow and crash when processing a malformed CUE
(.cue) file. (CVE-2017-15953)

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a
heap-based buffer overflow (with a resultant invalid free) and crash
when processing a malformed CUE (.cue) file. (CVE-2017-15954)

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an
"Access violation near NULL on destination operand" and crash when
processing a malformed CUE (.cue) file. (CVE-2017-15955)
                

References

SRPMS

5/core

6/core