Mageia alert MGASA-2017-0222 (valgrind)
| From: | Mageia Updates <buildsystem-daemon@mageia.org> | |
| To: | updates-announce@ml.mageia.org | |
| Subject: | [updates-announce] MGASA-2017-0222: Updated valgrind packages fix security vulnerabilities | |
| Date: | Fri, 28 Jul 2017 20:12:56 +0200 | |
| Message-ID: | <20170728181256.462509F88C@duvel.mageia.org> |
MGASA-2017-0222 - Updated valgrind packages fix security vulnerabilities Publication date: 28 Jul 2017 URL: http://advisories.mageia.org/MGASA-2017-0222.html Type: security Affected Mageia releases: 5 CVE: CVE-2016-2226, CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131 Description: It was discovered that Valgrind incorectly handled certain string operations. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could possibly execute arbitrary code (CVE-2016-2226). It was discovered that Valgrind incorrectly handled parsing certain binaries. If a user or automated system were tricked into processing a specially crafted binary, a remote attacker could use this issue to cause Valgrind to crash, resulting in a denial of service (CVE-2016-4487, CVE-2016-4488, CVE-2016-4489, CVE-2016-4490, CVE-2016-4491, CVE-2016-4492, CVE-2016-4493, CVE-2016-6131). References: - https://bugs.mageia.org/show_bug.cgi?id=21126 - https://www.ubuntu.com/usn/usn-3337-1/ - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2226 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4487 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4488 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4489 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4490 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4491 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4492 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4493 - http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6131 SRPMS: - 5/core/valgrind-3.10.1-2.1.mga5