Updated bchunk package fixes security vulnerabilities
Publication date: 26 Nov 2017Modification date: 26 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15953 , CVE-2017-15954 , CVE-2017-15955
Description
bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE (.cue) file. (CVE-2017-15953) bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file. (CVE-2017-15954) bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an "Access violation near NULL on destination operand" and crash when processing a malformed CUE (.cue) file. (CVE-2017-15955)
References
SRPMS
5/core
- bchunk-1.2.0-13.1.mga5
6/core
- bchunk-1.2.0-14.1.mga6