
40 matches found

RedHat Linux
added 2019/11/18 1:4 p.m., 2 views

libcomps: use after free when merging two objmrtrees

A use-after-free flaw has been discovered in libcomps in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVSS 8.8, AI score 5.8, EPSS 0.00501
Exploits: 1, References: 4
Tenable Nessus
added 2019/11/06 12:0 a.m., 38 views

RHEL 8 : yum (RHSA-2019:3583)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:3583 advisory. Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum...

CVSS 8.8, AI score 6.5, EPSS 0.00912
Exploits: 2, References: 82
RedHat Linux
added 2019/11/05 9:14 p.m., 46 views

Moderate: Red Hat Security Advisory: yum security, bug fix, and enhancement update

An update for yum is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CV...

CVSS 8.8, AI score 6.5, EPSS 0.00912
Exploits: 2, References: 78
RedHat Linux
added 2019/11/05 9:14 p.m., 2 views

libcomps: use after free when merging two objmrtrees

A use-after-free flaw has been discovered in libcomps in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVSS 8.8, AI score 5.8, EPSS 0.00501
Exploits: 1, References: 4
AlmaLinux
added 2019/11/05 6:4 p.m., 26 views

Moderate: yum security, bug fix, and enhancement update

Yum is a command-line utility that allows the user to check for updates and automatically download and install updated RPM packages. Yum automatically obtains and downloads dependencies, prompting the user for permission as necessary. The following packages have been upgraded to a later upstream...

CVSS 6.8, AI score 1.2, EPSS 0.00912
Exploits: 2, References: 2
OpenVAS
added 2019/05/07 12:0 a.m., 69 views

Fedora Update for libcomps FEDORA-2019-1fccede810

The remote host is missing an update for the...

CVSS 9.3, AI score 8.2, EPSS 0.02619
Exploits: 0, References: 2
NVD
added 2019/03/27 1:29 p.m., 12 views

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVSS 8.8, AI score 7.9, EPSS 0.00501
Exploits: 1, References: 5
OSV
added 2019/03/27 1:29 p.m., 17 views

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVSS 8.8, AI score 6.6, EPSS 0.00501
Exploits: 1, References: 5
CVE
added 2019/03/27 12:25 p.m., 187 views

CVE-2019-3817

CVE-2019-3817 affects libcomps: a use-after-free in merging ObjMRTrees when reading crafted comps XML can crash the application or allow code execution. Affected: libcomps versions prior to 0.1.10. Public details come from multiple advisories (RHSA-2019:3898, RHSA-2019:3583, CESA entries) and Ope...

CVSS 8.8, AI score 8.3, EPSS 0.00501
Exploits: 1, References: 5, Affected Software: 1
Cvelist
added 2019/03/27 12:25 p.m., 14 views

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVSS 7.5, AI score 8.4, EPSS 0.00501
Exploits: 1, References: 5
OSV
added 2019/03/23 11:14 a.m., 3 views

OPENSUSE-SU-2019:0323-1 Security update for libcomps

This update for libcomps fixes the following issue: Security issue fixed: - CVE-2019-3817: Fixed a use-after-free vulnerability in comps_objmradix.c:comps_objmrtree_unite function where could allow to application crash or code execution (bsc#1122841)...

CVSS 8.8, AI score 8.8, EPSS 0.00501
Exploits: 1, References: 3
OSV
added 2019/03/15 6:33 a.m., 4 views

OPENSUSE-SU-2019:0328-1 Security update for libcomps

This update for libcomps fixes the following issue: Security issue fixed: - CVE-2019-3817: Fixed a use-after-free vulnerability in comps_objmradix.c:comps_objmrtree_unite function where could allow to application crash or code execution (bsc#1122841). This update was imported from the...

CVSS 8.8, AI score 8.8, EPSS 0.00501
Exploits: 1, References: 3
OPENSUSE Linux
added 2019/03/15 12:0 a.m., 253 views

Security update for libcomps (moderate)

openSUSE Security Update: Security update for libcomps Announcement ID: openSUSE-SU-2019:0328-1 Rating: moderate References: 1122841 Cross-References: CVE-2019-3817 Affected Products: openSUSE Backports SLE-15 An update that fixes one vulnerability is now available. Description: This update for...

CVSS 8.8, AI score 8.3, EPSS 0.00501
Exploits: 1, References: 1
Tenable Nessus
added 2019/03/12 12:0 a.m., 32 views

openSUSE Security Update : libcomps (openSUSE-2019-323)

This update for libcomps fixes the following issue: Security issue fixed : - CVE-2019-3817: Fixed a use-after-free vulnerability in comps_objmradix.c:comps_objmrtree_unite function where could allow to application crash or code execution (bsc#1122841)...

CVSS 8.8, AI score 7.7, EPSS 0.00501
Exploits: 1, References: 2
OpenVAS
added 2019/03/12 12:0 a.m., 23 views

openSUSE: Security Advisory for libcomps (openSUSE-SU-2019:0323-1)

The remote host is missing an update for the...

CVSS 8.8, AI score 8.7, EPSS 0.00501
Exploits: 1, References: 2
OPENSUSE Linux
added 2019/03/11 12:0 a.m., 129 views

Security update for libcomps (moderate)

openSUSE Security Update: Security update for libcomps Announcement ID: openSUSE-SU-2019:0323-1 Rating: moderate References: 1122841 Cross-References: CVE-2019-3817 Affected Products: openSUSE Leap 15.0 An update that fixes one vulnerability is now available. Description: This update for libcomps...

CVSS 8.8, AI score 8.3, EPSS 0.00501
Exploits: 1, References: 1
Fedora
added 2019/02/21 2:58 a.m., 24 views

[SECURITY] Fedora 29 Update: libcomps-0.1.10-2.fc29

Libcomps is a library for structure-like manipulation with content of comps XML files. Supports read/write XML file, structures modification...

CVSS 9.3, AI score 1.9, EPSS 0.02619
Exploits: 0
Tenable Nessus
added 2019/02/21 12:0 a.m., 40 views

Fedora 29 : createrepo_c / dnf / dnf-plugins-core / dnf-plugins-extras / etc (2019-1fccede810)

createrepo_c - Include file timestamp in repomd.xml to allow reproducing exact metadata as produced in the past - Support of zchunk libcomps librepo - Add zchunk support libdnf - Enhance modular solver to handle enabled and default module streams differently RhBug:1648839 - Add support of wild car...

CVSS 9.3, AI score 7.6, EPSS 0.02619
Exploits: 0, References: 2
BDU FSTEC
added 2019/02/19 12:0 a.m., 1 views

The vulnerability of the `comps_objmrtree_unite` function in the libcomps library, which is related to memory usage after its deallocation, allows an attacker to execute arbitrary code.

The vulnerability of the comps_objmrtree_unite function in the libcomps library for working with XML files is related to the use of memory after it is freed. Exploiting this vulnerability allows a malicious actor to execute arbitrary code using a specially created XML file...

CVSS 7.5, AI score 7.8, EPSS 0.00501
Exploits: 1, References: 4, Affected Software: 1
RedhatCVE
added 2019/01/22 2:20 p.m., 37 views

CVE-2019-3817

A use-after-free flaw has been discovered in libcomps in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code...

CVSS 8.8, AI score 2.2, EPSS 0.00501
Exploits: 1, References: 3