Advisories » MGASA-2017-0108

Updated ming packages fix security vulnerability

Publication date: 15 Apr 2017
Modification date: 15 Apr 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2017-7578

Description

The update fixes CVE-2017-7578:

Multiple heap-based buffer overflows in parser.c in libming 0.4.7 allow
remote attackers to cause a denial of service (listswf application crash)
or possibly have unspecified other impact via a crafted SWF file.
NOTE: This issue exists because of an incomplete fix for CVE-2016-9831.
                

References

• https://bugs.mageia.org/show_bug.cgi?id=20644
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7578

SRPMS

5/core

• ming-0.4.5-8.2.mga5