1 |
tmb |
8499 |
type: security |
2 |
|
|
subject: Updated cronie packages fix security vulnerabilities |
3 |
|
|
CVE: |
4 |
|
|
- CVE-2019-9704 |
5 |
|
|
- CVE-2019-9705 |
6 |
|
|
src: |
7 |
|
|
6: |
8 |
|
|
core: |
9 |
|
|
- cronie-1.5.4-1.mga6 |
10 |
|
|
description: | |
11 |
|
|
Updated cronie packages fix security vulnerabilities: |
12 |
|
|
|
13 |
|
|
Cronie before 1.5.3 allows local users to cause a denial of service |
14 |
|
|
(daemon crash) via a large crontab file because the calloc return value |
15 |
|
|
is not checked (CVE-2019-9704). |
16 |
|
|
|
17 |
|
|
Cronie before 1.5.3 allows local users to cause a denial of service |
18 |
|
|
(memory consumption) via a large crontab file because an unlimited number |
19 |
|
|
of lines is accepted (CVE-2019-9705). |
20 |
|
|
references: |
21 |
|
|
- https://bugs.mageia.org/show_bug.cgi?id=24579 |
22 |
|
|
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/ |
23 |
tmb |
8518 |
ID: MGASA-2019-0157 |