Updated leptonica packages fix security vulnerabilities
Publication date: 14 Jun 2018Modification date: 14 Jun 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-3836 , CVE-2018-7440 , CVE-2018-7442
Description
This update fixes a security issue (potential injection attack using gplot rootdir) originally reported in CVE-2018-3836. This fix was incomplete and again reported in CVE-2018-7440 and CVE-2018-7442. The improved fix is included in leptonica-1.76.0.
References
- https://bugs.mageia.org/show_bug.cgi?id=23130
- https://bugs.mageia.org/show_bug.cgi?id=22591
- https://bugzilla.redhat.com/show_bug.cgi?id=1549735
- https://bugzilla.redhat.com/show_bug.cgi?id=1549729
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3836
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7440
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7442
SRPMS
6/core
- leptonica-1.76.0-1.mga6