
Mageia: 2019-0159 Moderate: mxml Buffer Overflow and DoS Risk

May 12, 2019
Updated mxml packages for Mageia fix vulnerabilities in Mini-XML, including stack-based buffer overflows.

Summary

Updated mxml packages fix security vulnerabilities:
An issue has been found in Mini-XML (aka mxml) 2.12. It is a stack-based buffer overflow in mxml_write_node in mxml-file.c via vectors involving a double-precision floating point number and the '' substring, as demonstrated by testmxml (CVE-2018-20004).
An issue has been found in Mini-XML (aka mxml) 2.12. It is a use-after-free in mxmlWalkNext in mxml-search.c, as demonstrated by mxmldoc (CVE-2018-20005).
In Mini-XML (aka mxml) v2.12, there is a use-after-free in the mxmlAdd function of the mxml-node.c file. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted xml file, as demonstrated by mxmldoc (CVE-2018-20592).
In Mini-XML (aka mxml) v2.12, there is a stack-based buffer overflow in the scan_file function in mxmldoc.c (CVE-2018-20593).
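
To illustrate the bug class behind CVE-2018-20004, the following added example (not code from Mini-XML or from this advisory) assumes the overflow pattern is a double formatted with "%f" into a fixed-size stack buffer; the buffer size, function names and sample values are constructed for illustration. It measures how long the "%f" text of a double can get and shows bounded formatting that rejects oversize output instead of writing past the buffer.

```c
#include <float.h>
#include <stdio.h>
#include <string.h>

#define REAL_BUF 64 /* constructed buffer size for this example, not mxml's */

/* Number of characters "%f" produces for v, excluding the terminating NUL. */
int real_text_len(double v)
{
    return snprintf(NULL, 0, "%f", v);
}

/* Bounded "%f": returns 0 on success, -1 if the text does not fit in out.
 * An unbounded sprintf(out, "%f", v) would instead write past the buffer. */
int format_real(double v, char *out, size_t outsz)
{
    int need;

    if (out == NULL || outsz == 0)
        return -1;
    need = snprintf(out, outsz, "%f", v);
    if (need < 0 || (size_t)need >= outsz) {
        out[0] = '\0'; /* never hand back a truncated number */
        return -1;
    }
    return 0;
}

/* "%.17g" round-trips any finite double in at most 24 characters. */
int format_real_compact(double v, char *out, size_t outsz)
{
    int need;

    if (out == NULL || outsz == 0)
        return -1;
    need = snprintf(out, outsz, "%.17g", v);
    return (need < 0 || (size_t)need >= outsz) ? -1 : 0;
}

int main(void)
{
    double samples[] = { 3.14, 1e20, DBL_MAX }; /* constructed inputs */
    char buf[REAL_BUF];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%%f needs %d bytes, fits in %d: %s\n",
               real_text_len(samples[i]) + 1, REAL_BUF,
               format_real(samples[i], buf, sizeof buf) == 0 ? "yes" : "no");
    return 0;
}
```

The largest finite double needs 316 characters under "%f", so any fixed stack buffer smaller than 317 bytes must be guarded by a length check or replaced by a bounded format such as "%.17g".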

References

- https://bugs.mageia.org/show_bug.cgi?id=24583

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/N53IJHDYR5HVQLKH4J6B27OEQLGKSGY5/

- https://www.cve.org/CVERecord?id=CVE-2018-20004

- https://www.cve.org/CVERecord?id=CVE-2018-20005

- https://www.cve.org/CVERecord?id=CVE-2018-20592

- https://www.cve.org/CVERecord?id=CVE-2018-20593

Resolution

SRPMS

- 6/core/mxml-3.0-1.mga6

Severity
important

Publication date: 12 May 2019
URL: https://advisories.mageia.org/MGASA-2019-0159.html
Type: security
CVE: CVE-2018-20004, CVE-2018-20005, CVE-2018-20592, CVE-2018-20593
