Security: Denial of Service in libbson
Name: Denial of Service in libbson
ID: FEDORA-2018-2062cd7548
Distribution: Fedora
Platforms: Fedora 28
Date: Thu, 27 September 2018, 23:33
References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16790
Applications: libbson


Fedora Update Notification
2018-09-27 17:27:18.345505

Name : libbson
Product : Fedora 28
Version : 1.9.5
Release : 3.fc28
URL : https://github.com/mongodb/libbson
Summary : Building, parsing, and iterating BSON documents
Description :
This is a library providing useful routines related to building, parsing,
and iterating BSON documents <http://bsonspec.org/>.

Update Information:

This release fixes a heap-based buffer over-read when parsing a malformed BSON
document (CVE-2018-16790).

* Tue Sep 18 2018 Petr Pisar <ppisar@redhat.com> - 1.9.5-3
- Fix CVE-2018-16790 (heap-based buffer over-read in
_bson_iter_next_internal()) (bug #1627924)
* Tue May 29 2018 Petr Pisar <ppisar@redhat.com> - 1.9.5-2
- Fix memory leaks in JSON parser (CDRIVER-2524)
- Fix a buffer underflow in bson_strncpy() (CDRIVER-2596)
- Fix a buffer underflow in bson_snprintf() (CDRIVER-2595)
- Print an error when a memory allocation fails (CDRIVER-2608)
- Fix memory leaks in tests
- Fix obtaining time on 32-bit platforms (CDRIVER-2567)
- Fix a race in OID tests
* Thu May 3 2018 Petr Pisar <ppisar@redhat.com> - 1.9.5-1
- 1.9.5 bump

[ 1 ] Bug #1627923 - CVE-2018-16790 libbson: Heap-based buffer over-read in
_bson_iter_next_internal in bson-iter.c

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2018-2062cd7548' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at