Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 553
Alerts This Week
Warning Icon 1 553

Mageia 8 MGASA-2023-0052 Moderate: UPX Denial Of Service Issue

mageia
Calendar Grey February 20, 2023
Dist Mageia Esm H88
Mageia 8: MGASA-2023-0055 enhances the network stack to fix security vulnerabilities that can lead to data leaks and unauthorized access, ensuring better protection for user data.
Denial of service due to heap-based buffer overflow issue in UPX in PackTmt::pack() in p_tmt.cpp file

Summary

Denial of service due to heap-based buffer overflow issue in UPX in PackTmt::pack() in p_tmt.cpp file. (CVE-2023-23456) Denial of service due to segmentation fault in UPX in PackLinuxElf64::invert_pt_dynamic() in p_lx_elf.cpp. (CVE-2023-23457)

References

- https://bugs.mageia.org/show_bug.cgi?id=31449

-

- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/TGEP3FBNRZXGLIA2B2ICMB32JVMPREFZ/

- https://www.cve.org/CVERecord?id=CVE-2023-23456

- https://www.cve.org/CVERecord?id=CVE-2023-23457

Resolution

SRPMS

- 8/core/upx-4.0.2-1.mga8

Publication date: 20 Feb 2023
URL: https://advisories.mageia.org/MGASA-2023-0052.html
Type: security
CVE: CVE-2023-23456, CVE-2023-23457

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.