
Mageia 7: MGASA-2020-0012 Critical: UPX Integer Overflow Threat

Mageia
January 5, 2020
Revised UPX releases tackle critical security weaknesses in Mageia that could lead to service interruptions and application failures.

Summary

The updated package fixes security vulnerabilities:
- An integer overflow in the getElfSections function in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an allocation of excessive memory. (CVE-2019-14295)
- canUnpack in p_vmlinx.cpp in UPX 3.95 allows remote attackers to cause a denial of service (SEGV or buffer overflow, and application crash) or possibly have unspecified other impact via a crafted UPX packed file. (CVE-2019-14296)

References

- https://bugs.mageia.org/show_bug.cgi?id=25935

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MOCJ43HTM45GZCAQ2FLEBDNBM76V22RG/

- https://www.cve.org/CVERecord?id=CVE-2019-14295

- https://www.cve.org/CVERecord?id=CVE-2019-14296

Resolution

SRPMS

- 7/core/upx-3.95-1.1.mga7

Severity
critical

Publication date: 05 Jan 2020
URL: https://advisories.mageia.org/MGASA-2020-0012.html
Type: security
CVE: CVE-2019-14295, CVE-2019-14296
