MGASA-2020-0001

Source
https://advisories.mageia.org/MGASA-2020-0001.html
Import Source
https://advisories.mageia.org/MGASA-2020-0001.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2020-0001
Related
Published
2020-01-05T15:37:51Z
Modified
2020-01-05T15:08:01Z
Summary
Updated apache-commons-compress packages fix security vulnerability
Details

Updated apache-commons-compress packages fix security vulnerability:

A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attacker could exploit this flaw to cause an infinite loop during the archive creation, thus leading to a denial of service (CVE-2019-12402).

References
Credits

Affected packages

Mageia:7 / apache-commons-compress

Package

Name
apache-commons-compress
Purl
pkg:rpm/mageia/apache-commons-compress?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.19-1.mga7

Ecosystem specific

{
    "section": "core"
}