Advisories » MGASA-2017-0426

Updated bchunk package fixes security vulnerabilities

Publication date: 26 Nov 2017
Modification date: 26 Nov 2017
Type: security
Affected Mageia releases : 5 , 6
CVE: CVE-2017-15953 , CVE-2017-15954 , CVE-2017-15955

Description

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a
heap-based buffer overflow and crash when processing a malformed CUE
(.cue) file. (CVE-2017-15953)

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to a
heap-based buffer overflow (with a resultant invalid free) and crash
when processing a malformed CUE (.cue) file. (CVE-2017-15954)

bchunk (related to BinChunker) 1.2.0 and 1.2.1 is vulnerable to an
"Access violation near NULL on destination operand" and crash when
processing a malformed CUE (.cue) file. (CVE-2017-15955)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=22004
• https://www.debian.org/security/2017/dsa-4026
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955

SRPMS

6/core

• bchunk-1.2.0-14.1.mga6

5/core

• bchunk-1.2.0-13.1.mga5