MGASA-2021-0226 - Updated libebml packages fix security vulnerabilities Publication date: 08 Jun 2021 URL: https://advisories.mageia.org/MGASA-2021-0226.html Type: security Affected Mageia releases: 7 CVE: CVE-2021-3405 Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file. A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405). The mkvtoolnix, libmatroska packages have been rebuilt for the updated libebml. References: - https://bugs.mageia.org/show_bug.cgi?id=28278 - https://lists.fedoraproject.org/archives/list/[email protected]/thread/7COLX6WFFOI3RIOY2IOXWASU3QKAOWKO/ - https://lists.fedoraproject.org/archives/list/[email protected]/thread/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/ - https://www.debian.org/lts/security/2021/dla-2629 - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3405 SRPMS: - 7/core/libebml-1.4.2-1.mga7 - 7/core/mkvtoolnix-32.0.0-2.1.mga7 - 7/core/libmatroska-1.5.0-2.1.mga7
Mageia 2021-0226: libebml security update
Updated libebml packages fix security vulnerabilities: Heap use-after-free when parsing malformed file
Summary
CVE: CVE-2021-3405
Updated libebml packages fix security vulnerabilities:
Heap use-after-free when parsing malformed file.
A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405).
The mkvtoolnix, libmatroska packages have been rebuilt for the
updated libebml.
Resolution
MGASA-2021-0226 - Updated libebml packages fix security vulnerabilities
References
- https://bugs.mageia.org/show_bug.cgi?id=28278
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/7COLX6WFFOI3RIOY2IOXWASU3QKAOWKO/
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/JNHQI6MDOECJ2HT5GCLEX2DMJFEOWPW7/
- https://www.debian.org/lts/security/2021/dla-2629
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3405
Severity
Issued Date: 08 Jun 2021
URL: https://advisories.mageia.org/MGASA-2021-0226.html
Type: security
Affected Mageia releases: 7
News
HOWTOs
Features
Secure Linux Hosting for Businesses
What Is Threat Intelligence?
CloudLinux Simplifies & Enhances Linux Security with its TuxCare Unified Enterprise Support Services
LinuxSecurity, Leading Provider of Linux Security News and Information, Unveils its New Website
Biden's New Executive Cybersecurity Order Highlights the Power of Open-Source Security
About Us
Powered By
