Advisories » MGASA-2018-0111

Updated gcab packages fix security vulnerability

Publication date: 06 Feb 2018
Modification date: 06 Feb 2018
Type: security
Affected Mageia releases: 5, 6
CVE: CVE-2018-5345

Description

It was discovered that gcab is prone to a stack-based buffer overflow
vulnerability when extracting .cab files. If a specially crafted .cab
file is processed, an attacker can take advantage of this flaw to cause
a denial of service or, potentially, the execution of arbitrary code with
the privileges of the user running gcab (CVE-2018-5345).

References

SRPMS

5/core

6/core