
Mageia 7: MGASA-2020-0001 Moderate: apache-commons-compress Resource Flaw

January 5, 2020

Summary

Updated apache-commons-compress packages fix a security vulnerability:
A resource consumption vulnerability was discovered in apache-commons-compress in the way NioZipEncoding encodes filenames. Applications that use Compress to create archives, with one of the filenames within the archive being controlled by the user, may be vulnerable to this flaw. A remote attacker could exploit this flaw to cause an infinite loop during the archive creation, thus leading to a denial of service (CVE-2019-12402).

References

- https://bugs.mageia.org/show_bug.cgi?id=25365

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/QLJIK2AUOZOWXR3S5XXBUNMOF3RTHTI7/

- https://www.cve.org/CVERecord?id=CVE-2019-12402

Resolution

SRPMS

- 7/core/apache-commons-compress-1.19-1.mga7
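
The package update replaces only the system copy of the library; applications that ship their own commons-compress jar have to be checked separately. The following is an added example, not part of the Mageia advisory: it walks a directory tree and flags commons-compress jars older than 1.19, the version in the fixed SRPM above. It assumes a jar carries an `Implementation-Version` manifest entry or a versioned file name, and it treats every version below 1.19 as needing review because the advisory does not state the affected range.

```python
import re
import sys
import zipfile
from pathlib import Path

FIXED = (1, 19)  # upstream version of the fixed SRPM named in this advisory
NAME_RE = re.compile(r"commons-compress-(\d+(?:\.\d+)*)\.jar$")


def parse_version(text):
    """Turn '1.18' into (1, 18); return None if it is not purely numeric."""
    try:
        return tuple(int(part) for part in text.strip().split("."))
    except ValueError:
        return None


def jar_version(path):
    """Prefer the manifest's Implementation-Version (assumed present),
    fall back to a version embedded in the file name."""
    try:
        with zipfile.ZipFile(path) as jar:
            manifest = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
        for line in manifest.splitlines():
            key, _, value = line.partition(":")
            if key.strip() == "Implementation-Version":
                return parse_version(value)
    except (KeyError, zipfile.BadZipFile, OSError):
        pass  # no manifest or unreadable jar: try the file name instead
    match = NAME_RE.search(Path(path).name)
    return parse_version(match.group(1)) if match else None


def audit(root):
    """Return {jar path: 'ok' | 'review' | 'unknown'} for jars under root."""
    report = {}
    for jar in sorted(Path(root).rglob("commons-compress*.jar")):
        version = jar_version(jar)
        if version is None:
            report[str(jar)] = "unknown"  # inspect manually
        else:
            report[str(jar)] = "review" if version < FIXED else "ok"
    return report


if __name__ == "__main__":
    for jar, status in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{status:8} {jar}")
```

Run it with the directory to scan as its only argument, for example an application server's deployment directory.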

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0001.html
Type: security
CVE: CVE-2019-12402
