Updated quassel packages fix CVE-2016-4414
Publication date: 05 May 2016Modification date: 05 May 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-4414
Description
Updated quassel packages fix security vulnerability: It was found that quasselcore is vulnerable to a denial of service attack by unauthenticated clients. The protocol negotiation did not take into account lack of a match in handshake data, in which case PeerFactory::createPeer returns a nullptr, which is immediately dereferenced (CVE-2016-4414).
References
SRPMS
5/core
- quassel-0.10.1-5.2.mga5