Advisories » MGASA-2023-0216

Updated apache-ivy packages fix security vulnerability

Publication date: 07 Jul 2023
Modification date: 07 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2022-37865 , CVE-2022-37866

Description

Improper path allowed when extracting archive.(CVE-2022-37865)
Possible path traversal in download path (CVE-2022-37866)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31075
• https://www.openwall.com/lists/oss-security/2022/11/04/2
• https://www.openwall.com/lists/oss-security/2022/11/04/3
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37865
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37866

SRPMS

8/core

• apache-ivy-2.5.0-1.1.mga8