Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Mageia: 2019-0396 Moderate: FlightCrew NULL Pointer Issues

mageia
Calendar Grey December 19, 2019
Dist Mageia Esm H88
MGASA-2019-0397: Revised FlightCrew modules mitigate potential security risks. Major updates strengthen overall system resilience.
The updated packages fix security vulnerabilities: An issue was discovered in FlightCrew v0.9.2 and earlier

Summary

The updated packages fix security vulnerabilities:
An issue was discovered in FlightCrew v0.9.2 and earlier. A NULL pointer dereference occurs in GetRelativePathToNcx() or GetRelativePathsToXhtmlDocuments() when a NULL pointer is passed to xc::XMLUri::isValidURI(). This affects third-party software (not Sigil) that uses FlightCrew as a library. (CVE-2019-13032)
FlightCrew v0.9.2 and older are vulnerable to a directory traversal, allowing attackers to write arbitrary files via a ../ (dot dot slash) in a ZIP archive entry that is mishandled during extraction. (CVE-2019-13241)

References

- https://bugs.mageia.org/show_bug.cgi?id=25281

- https://ubuntu.com/security/notices/USN-4055-1

- https://www.cve.org/CVERecord?id=CVE-2019-13032

- https://www.cve.org/CVERecord?id=CVE-2019-13241

Topics%20covered

Topics Covered

security advisory security issue update directory traversal NULL pointer mageia flightcrew

Resolution

SRPMS

- 7/core/flightcrew-0.9.0-10.1.mga7

Severity
important
Lowest
Low
Medium
High
Critical

Publication date: 19 Dec 2019
URL: https://advisories.mageia.org/MGASA-2019-0396.html
Type: security
CVE: CVE-2019-13032, CVE-2019-13241

Topics%20covered

Topics Covered

security advisory security issue update directory traversal NULL pointer mageia flightcrew

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here