What Are You Looking For?

Sign Up
MGASA-2022-0116 - Updated abcm2ps packages fix security vulnerability

Publication date: 24 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0116.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-32434,
     CVE-2021-32435,
     CVE-2021-32436

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the
function calculate_beam at draw.c. (CVE-2021-32434)
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps
v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via
unspecified vectors. (CVE-2021-32435)
An out-of-bounds read in the function write_title() in subs.c of abcm2ps
v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via
unspecified vectors. (CVE-2021-32436)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30195
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6333SXWMES3K22DBAOAW34G6EU6WIJEY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32435
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32436

SRPMS:
- 8/core/abcm2ps-8.14.13-1.mga8

Mageia 2022-0116: abcm2ps security update

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c

Summary

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the function calculate_beam at draw.c. (CVE-2021-32434) Stack-based buffer overflow in the function get_key in parse.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32435) An out-of-bounds read in the function write_title() in subs.c of abcm2ps v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via unspecified vectors. (CVE-2021-32436)

References

- https://bugs.mageia.org/show_bug.cgi?id=30195

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/6333SXWMES3K22DBAOAW34G6EU6WIJEY/

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32434

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32435

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32436

Resolution

MGASA-2022-0116 - Updated abcm2ps packages fix security vulnerability

SRPMS

- 8/core/abcm2ps-8.14.13-1.mga8

Severity
Publication date: 24 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0116.html
Type: security
CVE: CVE-2021-32434, CVE-2021-32435, CVE-2021-32436

Related News

Ubuntu Linux 23.10 Is Adding an Important New Security Feature

Oct 11, 2023

Ubuntu Core as an Immutable Linux Desktop Base

Jun 6, 2023

X.Org DoS, Code Execution Vulns Fixed

Aug 3, 2023

Linux Kernel DoS, Code Execution, Info Disclosure Vulns Fixed

Jul 6, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo