Mageia Advisory: MGASA-2020-0012 - Updated upx packages fix security vulnerability

Updated upx packages fix security vulnerability

Publication date: 05 Jan 2020
Modification date: 05 Jan 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-14295 , CVE-2019-14296

Description

The updated package fixes security vulnerabilities:

An Integer overflow in the getElfSections function in p_vmlinx.cpp in UPX
3.95 allows remote attackers to cause a denial of service (crash) via a
skewed offset larger than the size of the PE section in a UPX packed
executable, which triggers an allocation of excessive memory.
(CVE-2019-14295)

canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a
denial of service (SEGV or buffer overflow, and application crash) or
possibly have unspecified other impact via a crafted UPX packed file.
(CVE-2019-14296)

References

https://bugs.mageia.org/show_bug.cgi?id=25935
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCJ43HTM45GZCAQ2FLEBDNBM76V22RG/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14295
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14296

SRPMS

7/core

upx-3.95-1.1.mga7

Advisories » MGASA-2020-0012

Updated upx packages fix security vulnerability

Description

References

SRPMS

7/core