Updated brotli packages fix security vulnerability
Publication date: 16 Oct 2020Modification date: 16 Oct 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2020-8927
Description
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB (CVE-2020-8927).
References
SRPMS
7/core
- brotli-1.0.7-2.1.mga7