/[advisories]/24583.adv
ViewVC logotype

Contents of /24583.adv

Parent Directory Parent Directory | Revision Log Revision Log


Revision 8520 - (show annotations) (download)
Sun May 12 08:59:56 2019 UTC (5 weeks ago) by tmb
File size: 1311 byte(s)
MGASA-2019-0159: mxml-3.0-1.mga6
1 type: security
2 subject: Updated mxml packages fix security vulnerabilities
3 CVE:
4 - CVE-2018-20004
5 - CVE-2018-20005
6 - CVE-2018-20592
7 - CVE-2018-20593
8 src:
9 6:
10 core:
11 - mxml-3.0-1.mga6
12 description: |
13 Updated mxml packages fix security vulnerabilities:
14
15 An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based
16 buffer overflow in mxml_write_node in mxml-file.c via vectors involving
17 a double-precision floating point number and the '<order type="real">'
18 substring, as demonstrated by testmxml (CVE-2018-20004).
19
20 An issue has been found in Mini-XML (aka mxml) 2.12. It is a
21 use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by
22 mxmldoc (CVE-2018-20005).
23
24 In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd
25 function of the mxml-node.c file. Remote attackers could leverage this
26 vulnerability to cause a denial-of-service via a crafted xml file, as
27 demonstrated by mxmldoc (CVE-2018-20592).
28
29 In Mini-XML (aka mxml) v2.12, there is stack-based buffer overflow in
30 the scan_file function in mxmldoc.c (CVE-2018-20593).
31 references:
32 - https://bugs.mageia.org/show_bug.cgi?id=24583
33 - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/
34 ID: MGASA-2019-0159

  ViewVC Help
Powered by ViewVC 1.1.26