Advisories » MGASA-2020-0458

Updated bitcoin packages fix security vulnerabilities

Publication date: 17 Dec 2020
Modification date: 17 Dec 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-15947 , CVE-2020-14198

Description

Multiple vulnerabilities have been discovered in Bitcoin.

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted
in memory. Upon a crash, it may dump a core file. If a user were to
mishandle a core file, an attacker can reconstruct the user's
wallet.dat file, including their private keys, via a grep "6231 0500"
command (CVE-2019-15947).

Bitcoin Core 0.20.0 allows remote denial of service (CVE-2020-14198).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=27731
• https://security.gentoo.org/glsa/202009-18
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15947
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14198

SRPMS

7/core

• bitcoin-0.20.1-1.mga7