Mageia 2020-0476: jackit security update
Summary
posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 has a "double
file descriptor close" issue during a failed connection attempt when jackd2 is
not running. Exploitation success depends on multithreaded timing of that
double close, which can result in unintended information disclosure, crashes,
or file corruption due to having the wrong file associated with the file
descriptor (CVE-2019-13351).
References
- https://bugs.mageia.org/show_bug.cgi?id=27775
- https://ubuntu.com/security/CVE-2019-13351
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351
Resolution
MGASA-2020-0476 - Updated jackit packages fix security vulnerability
SRPMS
- 7/core/jackit-1.9.12-2.1.mga7