
Mageia alert MGASA-2014-0030 (libmicrohttpd)

From:  Mageia Updates <buildsystem-daemon@mageia.org>
To:  updates-announce@ml.mageia.org
Subject:  [updates-announce] MGASA-2014-0030: Updated libmicrohttpd package fixes security vulnerabilities
Date:  Fri, 31 Jan 2014 17:42:07 +0100
Message-ID:  <20140131164207.B0D9E4858F@valstar.mageia.org>

MGASA-2014-0030 - Updated libmicrohttpd package fixes security vulnerabilities

Publication date: 31 Jan 2014
URL: http://advisories.mageia.org/MGASA-2014-0030.html
Type: security
Affected Mageia releases: 3
CVE: CVE-2013-7038, CVE-2013-7039

Description:
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow
remote attackers to obtain sensitive information or cause a denial of
service (crash) via unspecified vectors that trigger an out-of-bounds read
(CVE-2013-7038).

Stack-based buffer overflow in the MHD_digest_auth_check function in
libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set
to a large value, allows remote attackers to cause a denial of service
(crash) or possibly execute arbitrary code via a long URI in an
authentication header (CVE-2013-7039).

References:
- https://bugs.mageia.org/show_bug.cgi?id=11936
- http://secunia.com/advisories/55903/
- https://lists.fedoraproject.org/pipermail/package-announc...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7038
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7039

SRPMS:
- 3/core/libmicrohttpd-0.9.33-1.mga3

