MGASA-2021-0241
- Source
- https://advisories.mageia.org/MGASA-2021-0241.html
- Import Source
- https://advisories.mageia.org/MGASA-2021-0241.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2021-0241
- Related
- Published
- 2021-06-08T16:46:03Z
- Modified
- 2021-06-08T15:37:11Z
- Summary
- Updated upx packages fix security vulnerabilities
- Details
-
The updated package fixes security vulnerabilities:
A heap buffer overflow read was discovered in upx 4.0.0, because the check in plxelf.cpp is not perfect. (CVE-2020-24119)
A flaw was found in upx canPack in plxelf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. (CVE-2021-20285)
- References
-
- https://advisories.mageia.org/MGASA-2021-0241.html
- https://bugs.mageia.org/show_bug.cgi?id=29016
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/G3BQABK4YLXENDJBLDMHAIPRTC3ZMLYK/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/VSQRO7YC72PSYDQG4PQLQYXZTZE3B4YV/
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/V2GCFGL5HHPU3GIC7XYIPIMYFFLH2M4U/
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:8 / upx
Package
- Name
- upx
- Purl
- pkg:rpm/mageia/upx?distro=mageia-8
Mageia:7 / upx
Package
- Name
- upx
- Purl
- pkg:rpm/mageia/upx?distro=mageia-7