|
|
Log in / Subscribe / Register

Mageia alert MGASA-2017-0225 (libmtp, libgphoto)



From:
    	      Mageia Updates <buildsystem-daemon@mageia.org> 


To:
    	      updates-announce@ml.mageia.org 


Subject:
    	      [updates-announce] MGASA-2017-0225: Updated libmtp and libgphoto packages fix security vulnerabilities 


Date:
    	      Fri, 28 Jul 2017 20:12:59 +0200


Message-ID:
    	      <20170728181259.577AE9F88C@duvel.mageia.org>


MGASA-2017-0225 - Updated libmtp and libgphoto packages fix security vulnerabilities

Publication date: 28 Jul 2017
URL: http://advisories.mageia.org/MGASA-2017-0225.html
Type: security
Affected Mageia releases: 5
CVE: CVE-2017-9831,
     CVE-2017-9832

Description:
An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx
function of the ptp-pack.c file of libmtp and libgphoto allows attackers
to cause a denial of service (out-of-bounds memory access) or maybe
remote code execution by inserting a mobile device into a personal
computer through a USB cable (CVE-2017-9831).

An integer overflow vulnerability in ptp-pack.c
(ptp_unpack_OPL function) of libmtp and libgphoto allows attackers to
cause a denial of service (out-of-bounds memory access) or maybe remote
code execution by inserting a mobile device into a personal computer
through a USB cable (CVE-2017-9832).

References:
- https://bugs.mageia.org/show_bug.cgi?id=21177
-
https://lists.fedoraproject.org/archives/list/package-ann...
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9831
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9832

SRPMS:
- 5/core/libmtp-1.1.8-4.1.mga5
- 5/core/libgphoto-2.5.7-1.2.mga5
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds