SB2018022816 - Memory corruption in patch (Alpine package)
Published: February 28, 2018
Security Bulletin ID
SB2018022816
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Memory corruption (CVE-ID: CVE-2016-10713)
The vulnerability allows a local attacker to cause DoS condition on the target system.The weakness exists due to out-of-bounds access within pch_write_line() in pch.c. A local attacker can supply a specially crafted input, trigger memory corruption and cause the system to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=41a24dac7ccf8c69b0e3b4b4409a736aefb3dfd5
- https://git.alpinelinux.org/aports/commit/?id=7b507d3e2665bd8c0a6bdb5391230a039ad12de3
- https://git.alpinelinux.org/aports/commit/?id=84c727e632d68b6ae25b713e7fc3c6c9fda3aae5
- https://git.alpinelinux.org/aports/commit/?id=c1e3fa7f5f3303a13a62d5485d7d3c8cc752ecf3
- https://git.alpinelinux.org/aports/commit/?id=58fc65d2b14f59efea945f9dc2dc39d9db45d72e