Updated directfb packages fix security vulnerabilities

2015-05-0303:19:16

Gentoo Foundation

advisories.mageia.org

0.036 Low

EPSS

Percentile

91.6%

JSON

Updated directfb packages fix security vulnerabilities: Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow (CVE-2014-2977). The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write (CVE-2014-2978).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchdirectfb< 1.7.0-2.1directfb-1.7.0-2.1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	directfb	< 1.7.0-2.1	directfb-1.7.0-2.1.mga4

References

lists.opensuse.org/opensuse-updates/2015-04/msg00060.html

bugs.mageia.org/show_bug.cgi?id=13391

0.036 Low

EPSS

Percentile

91.6%

JSON

Related for MGASA-2015-0176