Advisories » MGASA-2016-0026

Updated encfs packages fix security vulnerability

Publication date: 20 Jan 2016
Modification date: 20 Jan 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-3462

Description

A local attacker can utilize a possible buffer overflow in the encodeName
method of StreamNameIO and BlockNameIO to execute arbitrary code or cause
a Denial of Service. Also multiple weak cryptographics practices have been
found in encfs (CVE-2014-3462)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17424
• https://security.gentoo.org/glsa/201512-09
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3462

SRPMS

5/core

• encfs-1.7.5-1.mga5