
    Mageia 2019-0020: discount security update

    Date: 08 Jan 2019
    Category: Mageia
    Posted By: LinuxSecurity Advisories
    MGASA-2019-0020 - Updated discount packages fix security vulnerabilities
    
    Publication date: 08 Jan 2019
    URL: https://advisories.mageia.org/MGASA-2019-0020.html
    Type: security
    Affected Mageia releases: 6
    CVE: CVE-2018-11468,
         CVE-2018-11503,
         CVE-2018-11504,
         CVE-2018-12495
    
    The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT
    2.2.3a allows remote attackers to cause a denial of service (heap-based
    buffer over-read) via a crafted file (CVE-2018-11468).
    
    DISCOUNT through version 2.2.3a is vulnerable to a heap-based
    buffer overflow in the markdown.c:isfootnote() function. An attacker
    could exploit this to cause a denial of service (CVE-2018-11503).
    
    DISCOUNT through version 2.2.3a is vulnerable to a heap-based
    buffer overflow in the markdown.c:islist() function. An attacker
    could exploit this to cause a denial of service (CVE-2018-11504).
    
    The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT
    2.2.3a allows remote attackers to cause a denial of service
    (heap-based buffer over-read) via a crafted file (CVE-2018-12495).
    
    References:
    - https://bugs.mageia.org/show_bug.cgi?id=23540
    - https://lists.fedoraproject.org/archives/list/[list address obscured in source]/thread/7RPEBFDVJJU7ZJ2OQIKR35QQENJC2EI3/
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11468
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11503
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11504
    - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12495
    
    SRPMS:
    - 6/core/discount-2.2.4-1.mga6
    
