{ "schema_version": "1.6.2", "id": "MGASA-2024-0100", "published": "2024-03-31T03:27:58Z", "modified": "2024-03-31T03:03:59Z", "summary": "Updated aide & mhash packages fix security vulnerability", "details": "AIDE before 0.17.4 allows local users to obtain root privileges via\ncrafted file metadata (such as XFS extended attributes or tmpfs ACLs),\nbecause of a heap-based buffer overflow. (CVE-2021-45417)\n", "related": [ "CVE-2021-45417" ], "references": [ { "type": "ADVISORY", "url": "https://advisories.mageia.org/MGASA-2024-0100.html" }, { "type": "REPORT", "url": "https://bugs.mageia.org/show_bug.cgi?id=29911" }, { "type": "REPORT", "url": "https://www.openwall.com/lists/oss-security/2022/01/20/3" }, { "type": "REPORT", "url": "https://ubuntu.com/security/notices/USN-5243-1" }, { "type": "REPORT", "url": "https://www.debian.org/security/2022/dsa-5051" }, { "type": "REPORT", "url": "https://access.redhat.com/errata/RHSA-2022:0441" } ], "affected": [ { "package": { "ecosystem": "Mageia:9", "name": "aide", "purl": "pkg:rpm/mageia/aide?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.18.6-1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } }, { "package": { "ecosystem": "Mageia:9", "name": "mhash", "purl": "pkg:rpm/mageia/mhash?arch=source&distro=mageia-9" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "0" }, { "fixed": "0.9.9.9-16.1.mga9" } ] } ], "ecosystem_specific": { "section": "core" } } ], "credits": [ { "name": "Mageia", "type": "COORDINATOR", "contact": [ "https://wiki.mageia.org/en/Packages_Security_Team" ] } ] }