From d934827bf44b7cfcf6711964418148fa60877668 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Wed, 25 Nov 2020 22:39:15 +0000 Subject: gentoo resync : 25.11.2020 --- metadata/glsa/glsa-202011-15.xml | 52 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 52 insertions(+) create mode 100644 metadata/glsa/glsa-202011-15.xml (limited to 'metadata/glsa/glsa-202011-15.xml') diff --git a/metadata/glsa/glsa-202011-15.xml b/metadata/glsa/glsa-202011-15.xml new file mode 100644 index 000000000000..91f3acadcd3b --- /dev/null +++ b/metadata/glsa/glsa-202011-15.xml @@ -0,0 +1,52 @@ + + + + libmaxminddb: Denial of service + A vulnerability in libmaxminddb could lead to a Denial of Service + condition. + + libmaxminddb + 2020-11-14 + 2020-11-14 + 753275 + remote + + + 1.4.3 + 1.4.3 + + + +

The libmaxminddb library provides a C library for reading MaxMind DB + files, including the GeoIP2 databases from MaxMind. +

+ + +

libmaxminddb used uninitialised memory when reading from a corrupt + database file. +

+ + +

A remote attacker could entice a user to use a specially crafted + database with libmaxminddb, possibly resulting in a Denial of Service + condition. +

+ + +

There is no known workaround at this time.

+ + +

All libmaxminddb users should upgrade to the latest version:

+ + + # emerge --sync + # emerge --ask --oneshot --verbose ">=dev-libs/libmaxminddb-1.4.3" + + + + + CVE-2020-28241 + + sam_c + sam_c + -- cgit v1.2.3