Mageia 2021-0226: libebml security update

Advisories

What Are You Looking For?

Popular Tags

Contribute

Advisories This Week: 241

MGASA-2021-0226 - Updated libebml packages fix security vulnerabilities

Publication date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0226.html
Type: security
Affected Mageia releases: 7
CVE: CVE-2021-3405

Updated libebml packages fix security vulnerabilities:

Heap use-after-free when parsing malformed file.

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405). 

The mkvtoolnix, libmatroska packages have been rebuilt for the
updated libebml.

References:
- https://bugs.mageia.org/show_bug.cgi?id=28278
- https://lists.fedoraproject.org/archives/list/[email protected]raproject.org/thread/7COLX6WFFOI3RIOY2IOXWASU3QKAOWKO/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/
- https://www.debian.org/lts/security/2021/dla-2629
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3405

SRPMS:
- 7/core/libebml-1.4.2-1.mga7
- 7/core/mkvtoolnix-32.0.0-2.1.mga7
- 7/core/libmatroska-1.5.0-2.1.mga7

Mageia 2021-0226: libebml security update

Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file

Summary

Updated libebml packages fix security vulnerabilities:
Heap use-after-free when parsing malformed file.
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405).
The mkvtoolnix, libmatroska packages have been rebuilt for the updated libebml.

References

- https://bugs.mageia.org/show_bug.cgi?id=28278

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/7COLX6WFFOI3RIOY2IOXWASU3QKAOWKO/

- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/

- https://www.debian.org/lts/security/2021/dla-2629

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3405

Resolution

MGASA-2021-0226 - Updated libebml packages fix security vulnerabilities

SRPMS

- 7/core/libebml-1.4.2-1.mga7

- 7/core/mkvtoolnix-32.0.0-2.1.mga7

- 7/core/libmatroska-1.5.0-2.1.mga7

Severity
Publication date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0226.html
Type: security
CVE: CVE-2021-3405

News

Advisories

HOWTOs

Features

Benefits & Drawbacks of Using a VPN on Linux
How a WAF Could Improve the Security of Your Linux Web Applications
Installing SurfShark VPN On Kali Linux: The Authoritative Guide
Best Practices for PHP Security
9 Wise Linux Cybersecurity Tips for Businesses

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy