Advisories ยป MGASA-2020-0476

Updated jackit packages fix security vulnerability

Publication date: 29 Dec 2020
Modification date: 29 Dec 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-13351

Description

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 has a "double
file descriptor close" issue during a failed connection attempt when jackd2 is
not running. Exploitation success depends on multithreaded timing of that
double close, which can result in unintended information disclosure, crashes,
or file corruption due to having the wrong file associated with the file
descriptor (CVE-2019-13351).
                

References

SRPMS

7/core