Advisories » MGASA-2018-0440

Updated iniparser packages fix security vulnerability

Publication date: 11 Nov 2018
Modification date: 11 Nov 2018
Type: security
Affected Mageia releases : 6

Description

A flaw was found in iniparser version prior to 4.1. A stack buffer
underflow in the function iniparser_load() in iniparser.c file which can
be triggered by parsing a file that containing a zero-byte. This
vulnerability may allow an attacker to cause a Denial of Service (DoS).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=23561
• https://github.com/ndevilla/iniparser/issues/68
• https://bugzilla.redhat.com/show_bug.cgi?id=1545824
• https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JM5SZJJT2YKW6NSUEDTA7J4RSLYWP37D/

SRPMS

6/core

• iniparser-3.1-8.mga6