-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2019-9a0f02c8c8 2019-08-11 01:11:43.672867 --------------------------------------------------------------------------------
Name : upx Product : Fedora 30 Version : 3.95 Release : 4.fc30 URL : http://upx.sourceforge.net/ Summary : Ultimate Packer for eXecutables Description : UPX is a free, portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers very fast decompression. Your executables suffer no memory overhead or other drawbacks.
-------------------------------------------------------------------------------- Update Information:
Patches for CVE-2019-14295, CVE-2019-14296 -------------------------------------------------------------------------------- ChangeLog:
* Thu Aug 1 2019 Gwyn Ciesla gwync@protonmail.com - 3.95-4 - Upstream patches for CVE-2019-14295 and CVE-2019-14296. * Sat Jul 27 2019 Fedora Release Engineering releng@fedoraproject.org - 3.95-3 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild -------------------------------------------------------------------------------- References:
[ 1 ] Bug #1735673 - CVE-2019-14296 upx: denial of service in canUnpack in p_vmlinx.cpp [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1735673 [ 2 ] Bug #1735669 - CVE-2019-14295 upx: integer overflow in getElfSections function in p_vmlinx.cpp [epel-7] https://bugzilla.redhat.com/show_bug.cgi?id=1735669 [ 3 ] Bug #1735672 - CVE-2019-14296 upx: denial of service in canUnpack in p_vmlinx.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1735672 [ 4 ] Bug #1735668 - CVE-2019-14295 upx: integer overflow in getElfSections function in p_vmlinx.cpp [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1735668 --------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2019-9a0f02c8c8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------