MGASA-2021-0226

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0226.html

Import Source

https://advisories.mageia.org/MGASA-2021-0226.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0226

Related

CVE-2021-3405

Published

2021-06-08T14:33:02Z

Modified

2021-06-07T08:34:48Z

Summary

Updated libebml packages fix security vulnerabilities

Details

Updated libebml packages fix security vulnerabilities:

Heap use-after-free when parsing malformed file.

A flaw was found in libebml before 1.4.2. A heap overflow bug exists in the implementation of EbmlString::ReadData and EbmlUnicodeString::ReadData in libebml (CVE-2021-3405).

The mkvtoolnix, libmatroska packages have been rebuilt for the updated libebml.

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / libebml

Package

Name: libebml
Purl: pkg:rpm/mageia/libebml?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.4.2-1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / mkvtoolnix

Package

Name: mkvtoolnix
Purl: pkg:rpm/mageia/mkvtoolnix?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

32.0.0-2.1.mga7

Ecosystem specific

{
    "section": "core"
}

Mageia:7 / libmatroska

Package

Name: libmatroska
Purl: pkg:rpm/mageia/libmatroska?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.0-2.1.mga7

Ecosystem specific

{
    "section": "core"
}