MGASA-2022-0116 - Updated abcm2ps packages fix security vulnerability

Publication date: 24 Mar 2022
URL: https://advisories.mageia.org/MGASA-2022-0116.html
Type: security
Affected Mageia releases: 8
CVE: CVE-2021-32434,
     CVE-2021-32435,
     CVE-2021-32436

abcm2ps v8.14.11 was discovered to contain an out-of-bounds read in the
function calculate_beam at draw.c. (CVE-2021-32434)
Stack-based buffer overflow in the function get_key in parse.c of abcm2ps
v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via
unspecified vectors. (CVE-2021-32435)
An out-of-bounds read in the function write_title() in subs.c of abcm2ps
v8.14.11 allows remote attackers to cause a Denial of Service (DoS) via
unspecified vectors. (CVE-2021-32436)

References:
- https://bugs.mageia.org/show_bug.cgi?id=30195
- https://lists.fedoraproject.org/archives/list/[email protected]/thread/6333SXWMES3K22DBAOAW34G6EU6WIJEY/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32434
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32435
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32436

SRPMS:
- 8/core/abcm2ps-8.14.13-1.mga8