| Summary: | less new security issue CVE-2014-9488 | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | David Walser <luigiwalser> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | Sec team <security> |
| Severity: | normal | ||
| Priority: | Normal | CC: | sysadmin-bugs |
| Version: | 4 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | i586 | ||
| OS: | Linux | ||
| URL: | http://lwn.net/Vulnerabilities/637854/ | ||
| Whiteboard: | has_procedure mga4-32-ok mga4-64-ok advisory | ||
| Source RPM: | less-458-4.mga5.src.rpm | CVE: | |
| Status comment: | |||
|
Description
David Walser
2015-03-25 17:33:23 CET
David Walser
2015-03-25 17:34:01 CET
Whiteboard:
(none) =>
MGA5TOO, MGA4TOO Patched packages uploaded for Mageia 4 and Cauldron. Advisory: ======================== Updated less package fixes security vulnerability: Malformed UTF-8 data could have caused an out of bounds read in the UTF-8 decoding routines, causing an invalid read access (CVE-2014-9488). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9488 http://lists.opensuse.org/opensuse-updates/2015-03/msg00077.html ======================== Updated packages in core/updates_testing: ======================== less-458-2.1.mga4 from less-458-2.1.mga4.src.rpm Version:
Cauldron =>
4 PoC information here: https://blog.fuzzing-project.org/3-less-out-of-bounds-read-access-TFPA-0022014.html Testing complete mga4 64 opened a couple of PoC files with less and also $ less /usr/share/doc/less/README.urpmi Whiteboard:
(none) =>
has_procedure mga4-64-ok Validating. Advisory uploaded. Keywords:
(none) =>
validated_update Thanks Claire. I can confirm your testing results on Mageia 4 i586. Whiteboard:
has_procedure mga4-64-ok advisory =>
has_procedure mga4-32-ok mga4-64-ok advisory An update for this issue has been pushed to Mageia Updates repository. http://advisories.mageia.org/MGASA-2015-0139.html Status:
NEW =>
RESOLVED |