Updated sdcc packages fix a security vulnerability

2014-08-2214:58:14

Gentoo Foundation

advisories.mageia.org

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.023 Low

EPSS

Percentile

89.6%

JSON

Integer overflow, leading to heap-buffer overflow by processing certain file headers via bfd binary. (CVE-2012-3509) A nonfree package is also now available, which provides components that cannot be included in the core repository. In addition, this update obsoletes sdcc2.9, which is old and probably has the same security vulnerability.

OSVersionArchitecturePackageVersionFilename
Mageia3noarchsdcc< 3.4.0-6sdcc-3.4.0-6.mga3
Mageia3noarchsdcc< 3.4.0-6sdcc-3.4.0-6.mga3.nonfree
Mageia4noarchsdcc< 3.4.0-6sdcc-3.4.0-6.mga4
Mageia4noarchsdcc< 3.4.0-6sdcc-3.4.0-6.mga4.nonfree

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	sdcc	< 3.4.0-6	sdcc-3.4.0-6.mga3
Mageia	3	noarch	sdcc	< 3.4.0-6	sdcc-3.4.0-6.mga3.nonfree
Mageia	4	noarch	sdcc	< 3.4.0-6	sdcc-3.4.0-6.mga4
Mageia	4	noarch	sdcc	< 3.4.0-6	sdcc-3.4.0-6.mga4.nonfree