Lucene search

Gentoo FoundationMGASA-2014-0074

HistoryFeb 16, 2014 - 5:23 p.m.

Updated libgadu packages fix security vulnerability

2014-02-1617:23:36

Gentoo Foundation

advisories.mageia.org

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.023

Percentile

89.7%

JSON

A malicious server or man-in-the-middle could send a large value for Content-Length and cause an integer overflow which could lead to a buffer overflow in Gadu-Gadu HTTP parsing (CVE-2013-6487).

OSVersionArchitecturePackageVersionFilename
Mageia3noarchlibgadu< 1.11.3-1libgadu-1.11.3-1.mga3
Mageia4noarchlibgadu< 1.11.3-1libgadu-1.11.3-1.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	3	noarch	libgadu	< 1.11.3-1	libgadu-1.11.3-1.mga3
Mageia	4	noarch	libgadu	< 1.11.3-1	libgadu-1.11.3-1.mga4

References

libgadu.net/releases/1.11.3.html

www.debian.org/security/2014/dsa-2852

bugs.mageia.org/show_bug.cgi?id=12709

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS

0.023

Percentile

89.7%

JSON

Related for MGASA-2014-0074