type: security
subject: Updated mxml packages fix security vulnerabilities
CVE:
  - CVE-2018-20004
  - CVE-2018-20005
  - CVE-2018-20592
  - CVE-2018-20593
src:
  6:
    core:
      - mxml-3.0-1.mga6
description: |
  Updated mxml packages fix security vulnerabilities:

  An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based
  buffer overflow in mxml_write_node in mxml-file.c via vectors involving
  a double-precision floating point number and the '<order type="real">'
  substring, as demonstrated by testmxml (CVE-2018-20004).

  An issue has been found in Mini-XML (aka mxml) 2.12. It is a
  use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by
  mxmldoc (CVE-2018-20005).

  In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd
  function of the mxml-node.c file. Remote attackers could leverage this
  vulnerability to cause a denial-of-service via a crafted XML file, as
  demonstrated by mxmldoc (CVE-2018-20592).

  In Mini-XML (aka mxml) v2.12, there is a stack-based buffer overflow in
  the scan_file function in mxmldoc.c (CVE-2018-20593).
references:
  - https://bugs.mageia.org/show_bug.cgi?id=24583
  - https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/
ID: MGASA-2019-0159