Advisories » MGASA-2023-0221

Updated keepass packages fix security vulnerability

Publication date: 07 Jul 2023
Modification date: 07 Jul 2023
Type: security
Affected Mageia releases : 8
CVE: CVE-2023-24055 , CVE-2023-32784

Description

Allows an attacker, who has write access to the XML configuration file, to
obtain the cleartext passwords by adding an export trigger. Disputed by
vendor due to level of access required. (CVE-2023-24055)
Possible to recover the cleartext master password from a memory dump, even
when a workspace is locked or no longer running (CVE-2023-32784)
                

References

• https://bugs.mageia.org/show_bug.cgi?id=31935
• https://amp.thehackernews.com/thn/2023/05/keepass-exploit-allows-attackers-to.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24055
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32784

SRPMS

8/core

• keepass-2.54-1.mga8