Updated valgrind packages fix security vulnerabilities
Publication date: 28 Jul 2017Modification date: 27 Jul 2017
Type: security
Affected Mageia releases : 5
CVE: CVE-2016-2226 , CVE-2016-4487 , CVE-2016-4488 , CVE-2016-4489 , CVE-2016-4490 , CVE-2016-4491 , CVE-2016-4492 , CVE-2016-4493 , CVE-2016-6131
Description
It was discovered that Valgrind incorectly handled certain string
operations. If a user or automated system were tricked into processing
a specially crafted binary, a remote attacker could possibly execute
arbitrary code (CVE-2016-2226).
It was discovered that Valgrind incorrectly handled parsing certain
binaries. If a user or automated system were tricked into processing a
specially crafted binary, a remote attacker could use this issue to
cause Valgrind to crash, resulting in a denial of service
(CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490,
CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131).
References
- https://bugs.mageia.org/show_bug.cgi?id=21126
- https://www.ubuntu.com/usn/usn-3337-1/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131
SRPMS
5/core
- valgrind-3.10.1-2.1.mga5