MGASA-2024-0249 - Updated espeak-ng packages fix security vulnerabilities

Publication date: 02 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0249.html
Type: security
Affected Mageia releases: 9
CVE: CVE-2023-49990,
     CVE-2023-49991,
     CVE-2023-49992,
     CVE-2023-49993,
     CVE-2023-49994

It was discovered that eSpeak NG did not properly manage memory under
certain circumstances. An attacker could possibly use this issue to cause a
denial of service, or execute arbitrary code.

References:
- https://bugs.mageia.org/show_bug.cgi?id=33348
- https://ubuntu.com/security/notices/USN-6858-1
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49990
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49991
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49992
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49993
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49994

SRPMS:
- 9/core/espeak-ng-1.51.1-1.1.mga9

Mageia 2024-0249: espeak-ng Security Advisory Updates

It was discovered that eSpeak NG did not properly manage memory under certain circumstances

Summary

It was discovered that eSpeak NG did not properly manage memory under certain circumstances. An attacker could possibly use this issue to cause a denial of service, or execute arbitrary code.

References

- https://bugs.mageia.org/show_bug.cgi?id=33348

- https://ubuntu.com/security/notices/USN-6858-1

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49990

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49991

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49992

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49993

- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49994

Resolution

MGASA-2024-0249 - Updated espeak-ng packages fix security vulnerabilities

SRPMS

- 9/core/espeak-ng-1.51.1-1.1.mga9

Severity
Publication date: 02 Jul 2024
URL: https://advisories.mageia.org/MGASA-2024-0249.html
Type: security
CVE: CVE-2023-49990, CVE-2023-49991, CVE-2023-49992, CVE-2023-49993, CVE-2023-49994

Related News