Mageia 2020-0458: bitcoin security update
Summary
Multiple vulnerabilities have been discovered in Bitcoin.
In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted
in memory. Upon a crash, it may dump a core file. If a user were to
mishandle a core file, an attacker can reconstruct the user's
wallet.dat file, including their private keys, via a grep "6231 0500"
command (CVE-2019-15947).
Bitcoin Core 0.20.0 allows remote denial of service (CVE-2020-14198).
References
- https://bugs.mageia.org/show_bug.cgi?id=27731
- https://security.gentoo.org/glsa/202009-18
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14198
Resolution
MGASA-2020-0458 - Updated bitcoin packages fix security vulnerabilities
SRPMS
- 7/core/bitcoin-0.20.1-1.mga7