
Mageia 7: MGASA-2020-0096 Critical: UPX Denial Of Service Issues

February 24, 2020
Recent UPX updates within Mageia address severe security flaws that lead to denial of service incidents and potential buffer over-read vulnerabilities.

Summary

The updated packages fix security vulnerabilities:
PackLinuxElf64::unpack in p_lx_elf.cpp in UPX 3.95 allows remote attackers to cause a denial of service (double free), limit the ability of a malware scanner to operate on the entire original data, or possibly have unspecified other impact via a crafted file. (CVE-2018-11243)
A heap-based buffer over-read was discovered in canUnpack in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. (CVE-2019-20021)
A floating-point exception was discovered in PackLinuxElf::elf_hash in p_lx_elf.cpp in UPX 3.95. The vulnerability causes an application crash, which leads to denial of service. (CVE-2019-20051)
An invalid memory address dereference was discovered in the canUnpack function in p_mach.cpp in UPX 3.95 via a crafted Mach-O file. (CVE-2019-20053)
A denial of service in PackLinuxElf32::PackLinuxElf32help1(). (CVE-2019-1010048)

References

- https://bugs.mageia.org/show_bug.cgi?id=26172

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/D7XU42G6MUQQXHWRP7DCF2JSIBOJ5GOO/

- https://www.cve.org/CVERecord?id=CVE-2018-11243

- https://www.cve.org/CVERecord?id=CVE-2019-20021

- https://www.cve.org/CVERecord?id=CVE-2019-20051

- https://www.cve.org/CVERecord?id=CVE-2019-20053

- https://www.cve.org/CVERecord?id=CVE-2019-1010048

Resolution

SRPMS

- 7/core/upx-3.96-1.mga7

- 7/core/ucl-1.03-16.1.mga7

Severity
critical

Publication date: 24 Feb 2020
URL: https://advisories.mageia.org/MGASA-2020-0096.html
Type: security
CVE: CVE-2018-11243, CVE-2019-20021, CVE-2019-20051, CVE-2019-20053, CVE-2019-1010048
