Updated apt packages fix security vulnerabilityPublication date: 12 Nov 2014
Affected Mageia releases : 3 , 4
The Google Security Team discovered a buffer overflow vulnerability in the HTTP transport code in apt-get. An attacker able to man-in-the-middle a HTTP request to an apt repository can trigger the buffer overflow, leading to a crash of the "http" apt method binary, or potentially to arbitrary code execution (CVE-2014-6273). Also fixed is parsing of Mageia package index "synthesis" files with lines longer than 64k characters. This is necessary for upgrading to the "cauldron" development distro that will become Mageia 5. Note however that upgrading from Mageia 3 to Mageia 5 will not be supported.