1 |
type: security |
2 |
subject: Updated cronie packages fix security vulnerabilities |
3 |
CVE: |
4 |
- CVE-2019-9704 |
5 |
- CVE-2019-9705 |
6 |
src: |
7 |
6: |
8 |
core: |
9 |
- cronie-1.5.4-1.mga6 |
10 |
description: | |
11 |
Updated cronie packages fix security vulnerabilities: |
12 |
|
13 |
Cronie before 1.5.3 allows local users to cause a denial of service |
14 |
(daemon crash) via a large crontab file because the calloc return value |
15 |
is not checked (CVE-2019-9704). |
16 |
|
17 |
Cronie before 1.5.3 allows local users to cause a denial of service |
18 |
(memory consumption) via a large crontab file because an unlimited number |
19 |
of lines is accepted (CVE-2019-9705). |
20 |
references: |
21 |
- https://bugs.mageia.org/show_bug.cgi?id=24579 |
22 |
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6DU7HAUAQR4E4AEBPYLUV6FZ4PHKH6A2/ |
23 |
ID: MGASA-2019-0157 |