Advisories » MGASA-2017-0318

Updated libgxps packages fix security vulnerability

Publication date: 28 Aug 2017
Modification date: 28 Aug 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-11590

Description

There is a NULL pointer dereference in the caseless_hash function in
gxps-archive.c in libgxps 0.2.5. A crafted input will lead to a denial
of service attack (CVE-2017-11590).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=21526
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/4UCPAG32F7QVCTWKIO5S7U5CKIZQEYJY/
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11590

SRPMS

6/core

• libgxps-0.2.5-1.1.mga6

5/core

• libgxps-0.2.5-1.1.mga5