Advisories ยป MGASA-2018-0441

Updated audiofile packages fix security vulnerabilities

Publication date: 11 Nov 2018
Modification date: 11 Nov 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-13440 , CVE-2018-17095

Description

A NULL pointer dereference in modules/ModuleState.cpp:ModuleState::setup()
allows for denial of service via crafted file (CVE-2018-13440).

A Heap-based buffer overflow was found in Expand3To4Module::run when
running sfconvert (CVE-2018-17095).
                

References

SRPMS

6/core