Advisories » MGASA-2016-0288

Updated bsdiff packages fix security vulnerability

Publication date: 31 Aug 2016
Modification date: 31 Aug 2016
Type: security
Affected Mageia releases : 5
CVE: CVE-2014-9862

Description

Integer signedness error in bspatch.c in bspatch in bsdiff allows remote
attackers to execute arbitrary code or cause a denial of service
(heap-based buffer overflow) via a crafted patch file (CVE-2014-9862).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=19160
• https://lists.opensuse.org/opensuse-updates/2016-08/msg00026.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9862

SRPMS

5/core

• bsdiff-4.3-9.1.mga5