Advisories » MGASA-2016-0166

Updated quassel packages fix CVE-2016-4414

Publication date: 05 May 2016
Modification date: 05 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4414

Description

Updated quassel packages fix security vulnerability:

It was found that quasselcore is vulnerable to a denial of service attack by
unauthenticated clients. The protocol negotiation did not take into account
lack of a match in handshake data, in which case PeerFactory::createPeer
returns a nullptr, which is immediately dereferenced (CVE-2016-4414).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=18324
• http://openwall.com/lists/oss-security/2016/04/30/4
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4414

SRPMS

5/core

• quassel-0.10.1-5.2.mga5