Advisories » MGASA-2020-0117

Updated libsolv packages fix security vulnerability

Publication date: 06 Mar 2020
Modification date: 06 Mar 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-20387

Description

Updated libsolv packages fix security vulnerability:

An out-of-bounds read was discovered in libsolv when the last schema
has a length that is less than the length of the input schema. A remote
attacker may abuse this flaw to crash an application that uses libsolv
(CVE-2019-20387).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=26163
• https://bugzilla.redhat.com/show_bug.cgi?id=1797072
• https://github.com/openSUSE/libsolv/commit/fdb9c9c03508990e4583046b590c30d958f272da
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20387

SRPMS

7/core

• libsolv-0.7.4-1.1.mga7