[Buildroot] [PATCH 1/1] package/upx: fix CVE-2021-20285
Peter Korsgaard
peter at korsgaard.com
Sun Apr 4 19:11:39 UTC 2021
>>>>> "Fabrice" == Fabrice Fontaine <fontaine.fabrice at gmail.com> writes:
> A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw
> allows attackers to cause a denial of service (SEGV or buffer overflow
> and application crash) or possibly have unspecified other impacts via a
> crafted ELF. The highest threat from this vulnerability is to system
> availability.
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Committed to 2020.02.x, 2020.11.x and 2021.02.x, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list