Advisories » MGASA-2016-0084

Updated xdelta3 packages fix CVE-2014-9765

Publication date: 02 Mar 2016
Modification date: 02 Mar 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-9765

Description

Updated xdelta3 package fixes security vulnerability:

Stepan Golosunov discovered that xdelta3, a diff utility which works with
binary files, is affected by a buffer overflow vulnerability within the
main_get_appheader function, which may lead to the execution of arbitrary
code (CVE-2014-9765).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=17713
• https://www.debian.org/security/2016/dsa-3484
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9765

SRPMS

5/core

• xdelta3-3.0.0-5.1.mga5