advisories/24586.adv

type: security
subject: Updated cfitsio packages fix security vulnerability
CVE:
 - CVE-2018-3846
 - CVE-2018-3848
 - CVE-2018-3849
src:
  6:
   core:
     - cfitsio-3.430-1.1.mga6
description: |
  CVE-2018-3846: Unsafe use of sprintf() can allow a remote unauthenticated
  attacker to execute arbitrary code
  CVE-2018-3848: Stack-based buffer overflow in ffghbn() allows for
  potential code execution
  CVE-2018-3849: Stack-based buffer overflow in ffghtb() allows for
  potential code execution
references:
 - https://bugs.mageia.org/show_bug.cgi?id=24586
 - https://bugzilla.redhat.com/show_bug.cgi?id=1563915
 - https://bugzilla.redhat.com/show_bug.cgi?id=1568184
 - https://bugzilla.redhat.com/show_bug.cgi?id=1568189
ID: MGASA-2019-0133
1	type: security
2	subject: Updated cfitsio packages fix security vulnerability
3	CVE:
4	- CVE-2018-3846
5	- CVE-2018-3848
6	- CVE-2018-3849
7	src:
8	6:
9	core:
10	- cfitsio-3.430-1.1.mga6
11	description: \|
12	CVE-2018-3846: Unsafe use of sprintf() can allow a remote unauthenticated
13	attacker to execute arbitrary code
14	CVE-2018-3848: Stack-based buffer overflow in ffghbn() allows for
15	potential code execution
16	CVE-2018-3849: Stack-based buffer overflow in ffghtb() allows for
17	potential code execution
18	references:
19	- https://bugs.mageia.org/show_bug.cgi?id=24586
20	- https://bugzilla.redhat.com/show_bug.cgi?id=1563915
21	- https://bugzilla.redhat.com/show_bug.cgi?id=1568184
22	- https://bugzilla.redhat.com/show_bug.cgi?id=1568189
23	ID: MGASA-2019-0133