Lucene search

Gentoo FoundationMGASA-2014-0246

HistoryMay 30, 2014 - 11:50 a.m.

Updated libgadu package fixes CVE-2014-3775

2014-05-3011:50:20

Gentoo Foundation

advisories.mageia.org

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

Updated libgadu packages fix security vulnerability: It was discovered that libgadu incorrectly handled certain messages from file relay servers. A malicious remote server or a man in the middle could use this issue to cause applications using libgadu to crash, resulting in a denial of service, or possibly execute arbitrary code (CVE-2014-3775).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchlibgadu< 1.11.4-1libgadu-1.11.4-1.mga3
Mageia4noarchlibgadu< 1.11.4-1libgadu-1.11.4-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	libgadu	< 1.11.4-1	libgadu-1.11.4-1.mga3
Mageia	4	noarch	libgadu	< 1.11.4-1	libgadu-1.11.4-1.mga4

References

libgadu.net/releases/1.11.4.html

www.ubuntu.com/usn/usn-2215-1/

bugs.mageia.org/show_bug.cgi?id=13410

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.021 Low

EPSS

Percentile

89.3%

JSON

Related for MGASA-2014-0246