Advisories » MGASA-2019-0249

Updated sigil packages fix security vulnerability

Publication date: 06 Sep 2019
Modification date: 06 Sep 2019
Type: security
Affected Mageia releases : 6 , 7
CVE: CVE-2019-14452

Description

Updated sigil package fixes security vulnerability:

Mike Salvatore discovered that Sigil mishandled certain malformed EPUB
files. An attacker could use this vulnerability to write arbitrary files
to the filesystem (CVE-2019-14452).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=25290
• https://usn.ubuntu.com/4085-1/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14452

SRPMS

6/core

• sigil-0.9.16-1.mga6

7/core

• sigil-0.9.16-1.mga7