Advisories » MGASA-2014-0533

Updated unrtf package fixes security vulnerabilities

Publication date: 19 Dec 2014
Modification date: 19 Dec 2014
Type: security
Affected Mageia releases : 4
CVE: CVE-2014-9274 , CVE-2014-9275

Description

Updated unrtf package fixes security vulnerabilities:

Michal Zalewski reported an out-of-bounds memory access vulnerability in
unrtf.  Processing a malformed RTF file could lead to a segfault while
accessing a pointer that may be under the attacker's control.  This would
lead to a denial of service (application crash) or, potentially, the
execution of arbitrary code (CVE-2014-9274).

Hanno Böck also reported a number of other crashes in unrtf (CVE-2014-9275).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=14783
• https://bugzilla.redhat.com/show_bug.cgi?id=1170233
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9274
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9275

SRPMS

4/core

• unrtf-0.21.7-1.mga4