MGASA-2020-0458 - Updated bitcoin packages fix security vulnerabilities

Publication date: 17 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0458.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-15947, CVE-2020-14198

Multiple vulnerabilities have been discovered in Bitcoin.

In Bitcoin Core 0.18.0, bitcoin-qt stores wallet.dat data unencrypted
in memory. Upon a crash, it may dump a core file. If a user mishandles
that core file, an attacker can reconstruct the user's wallet.dat file,
including their private keys, via a grep "6231 0500" command
(CVE-2019-15947).

Bitcoin Core 0.20.0 allows remote denial of service (CVE-2020-14198).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27731
- https://security.gentoo.org/glsa/202009-18
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15947
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14198

SRPMS:
- 7/core/bitcoin-0.20.1-1.mga7