MGASA-2020-0476 - Updated jackit packages fix security vulnerability

Publication date: 29 Dec 2020
URL: https://advisories.mageia.org/MGASA-2020-0476.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2019-13351

posix/JackSocket.cpp in libjack in JACK2 1.9.1 through 1.9.12 has a "double
file descriptor close" issue during a failed connection attempt when jackd2 is
not running. Exploitation success depends on multithreaded timing of that
double close, which can result in unintended information disclosure, crashes,
or file corruption due to having the wrong file associated with the file
descriptor (CVE-2019-13351).

References:
- https://bugs.mageia.org/show_bug.cgi?id=27775
- https://ubuntu.com/security/CVE-2019-13351
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13351

SRPMS:
- 7/core/jackit-1.9.12-2.1.mga7