Advisories ยป MGASA-2020-0458

Updated bitcoin packages fix security vulnerabilities

Publication date: 17 Dec 2020
Modification date: 17 Dec 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15947 , CVE-2020-14198

Description

Multiple vulnerabilities have been discovered in Bitcoin.

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted
in memory. Upon a crash, it may dump a core file. If a user were to
mishandle a core file, an attacker can reconstruct the user's
wallet.dat file, including their private keys, via a grep "6231 0500"
command (CVE-2019-15947).

Bitcoin Core 0.20.0 allows remote denial of service (CVE-2020-14198).
                

References

SRPMS

7/core