Parent Directory | Revision Log
MGASA-2017-0103: mxml-2.7-6.1.mga5
1 | type: security |
2 | subject: Updated mxml packages fix security vulnerability |
3 | CVE: |
4 | - CVE-2016-4570 |
5 | - CVE-2016-4571 |
6 | src: |
7 | 5: |
8 | core: |
9 | - mxml-2.7-6.1.mga5 |
10 | description: | |
11 | Two stack exhaustion issues based on uncontrolled recursion were found in |
12 | mxml. A maliciously crafted xml file can cause the application to crash. |
13 | |
14 | * Recursion using mxmlDelete at mxml-node.c:217 (reproducer is |
15 | stack-exhaustion-1.xml CVE-2016-4570). |
16 | |
17 | * Recursion using mxml_write_node at mxml-file.c:2739 (reproducer is |
18 | stack-exhaustion-2.xml CVE-2016-4571). |
19 | references: |
20 | - https://bugs.mageia.org/show_bug.cgi?id=20593 |
21 | - https://bugzilla.redhat.com/show_bug.cgi?id=1334648 |
22 | - https://lists.opensuse.org/opensuse-updates/2017-03/msg00081.html |
23 | - http://seclists.org/oss-sec/2016/q2/276 |
24 | ID: MGASA-2017-0103 |
ViewVC Help | |
Powered by ViewVC 1.1.30 |