advisories/24579.adv

type: security
subject: Updated cronie packages fix security vulnerabilities
CVE:
 - CVE-2019-9704
 - CVE-2019-9705
src:
  6:
   core:
     - cronie-1.5.4-1.mga6
description: |
  Updated cronie packages fix security vulnerabilities:

  Cronie before 1.5.3 allows local users to cause a denial of service
  (daemon crash) via a large crontab file because the calloc return value
  is not checked (CVE-2019-9704).

  Cronie before 1.5.3 allows local users to cause a denial of service
  (memory consumption) via a large crontab file because an unlimited number
  of lines is accepted (CVE-2019-9705).
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24579
 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/
ID: MGASA-2019-0157
1	tmb	8499	type: security
2			subject: Updated cronie packages fix security vulnerabilities
3			CVE:
4			- CVE-2019-9704
5			- CVE-2019-9705
6			src:
7			6:
8			core:
9			- cronie-1.5.4-1.mga6
10			description: \|
11			Updated cronie packages fix security vulnerabilities:
12
13			Cronie before 1.5.3 allows local users to cause a denial of service
14			(daemon crash) via a large crontab file because the calloc return value
15			is not checked (CVE-2019-9704).
16
17			Cronie before 1.5.3 allows local users to cause a denial of service
18			(memory consumption) via a large crontab file because an unlimited number
19			of lines is accepted (CVE-2019-9705).
20			references:
21			- https://bugs.mageia.org/show_bug.cgi?id=24579
22			- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/
23	tmb	8518	ID: MGASA-2019-0157