MGASA-2020-0012

Source
https://advisories.mageia.org/MGASA-2020-0012.html
Import Source
https://advisories.mageia.org/MGASA-2020-0012.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2020-0012
Published
2020-01-05T15:37:51Z
Modified
2020-01-05T15:11:17Z
Summary
Updated upx packages fix security vulnerability
Details

The updated package fixes security vulnerabilities:

An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. (CVE-2019-14295)

canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file. (CVE-2019-14296)

Affected packages

Mageia:7 / upx

Package

Name
upx
Purl
pkg:rpm/mageia/upx?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.95-1.1.mga7

Ecosystem specific

{
    "section": "core"
}