Updated libapreq2 packages fix security vulnerability: Max Kellermann reported a NULL pointer dereference flaw in libapreq2, allowing a remote attacker to cause a denial of service against an application using the library (application crash) if an invalid nested

MGASA-2019-0327 - Updated libapreq2 packages fix security vulnerability

Publication date: 14 Nov 2019
URL: https://advisories.mageia.org/MGASA-2019-0327.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-12412

Updated libapreq2 packages fix security vulnerability:

Max Kellermann reported a NULL pointer dereference flaw in libapreq2,
allowing a remote attacker to cause a denial of service against an
application using the library (application crash) if an invalid nested
"multipart" body is processed (CVE-2019-12412).

References:
- https://bugs.mageia.org/show_bug.cgi?id=25638
- https://www.debian.org/security/2019/dsa-4541
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12412

SRPMS:
- 7/core/libapreq2-2.130.0-28.1.mga7