Updated cfitsio packages fix security vulnerability
Publication date: 05 Apr 2019Modification date: 05 Apr 2019
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-3846 , CVE-2018-3848 , CVE-2018-3849
Description
CVE-2018-3846: Unsafe use of sprintf() can allow a remote unauthenticated
attacker to execute arbitrary code
CVE-2018-3848: Stack-based buffer overflow in ffghbn() allows for
potential code execution
CVE-2018-3849: Stack-based buffer overflow in ffghtb() allows for
potential code execution
References
- https://bugs.mageia.org/show_bug.cgi?id=24586
- https://bugzilla.redhat.com/show_bug.cgi?id=1563915
- https://bugzilla.redhat.com/show_bug.cgi?id=1568184
- https://bugzilla.redhat.com/show_bug.cgi?id=1568189
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3846
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3848
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3849
SRPMS
6/core
- cfitsio-3.430-1.1.mga6