An update for libmaxminddb is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2 Security Advisory openeuler-security@openeuler.org openEuler security committee openEuler-SA-2021-1287 Final 1.0 1.0 2021-07-31 Initial 2021-07-31 2021-07-31 openEuler SA Tool V1.0 2021-07-31 libmaxminddb security update An update for libmaxminddb is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. The libmaxminddb library provides a C library for reading MaxMind DB files, including the GeoIP2 databases from MaxMind. This is a custom binary format designed to facilitate fast lookups of IP addresses while allowing for great flexibility in the type of data associated with an address. Security Fix(es): libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c.(CVE-2020-28241) An update for libmaxminddb is now available for openEuler-20.03-LTS-SP1 and openEuler-20.03-LTS-SP2. openEuler Security has rated this update as having a security impact of medium. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section. Medium libmaxminddb https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1287 https://openeuler.org/en/security/cve/detail.html?id=CVE-2020-28241 https://nvd.nist.gov/vuln/detail/CVE-2020-28241 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 libmaxminddb-devel-1.2.0-8.oe1.aarch64.rpm libmaxminddb-help-1.2.0-8.oe1.aarch64.rpm libmaxminddb-1.2.0-8.oe1.aarch64.rpm libmaxminddb-debugsource-1.2.0-8.oe1.aarch64.rpm libmaxminddb-debuginfo-1.2.0-8.oe1.aarch64.rpm libmaxminddb-devel-1.2.0-8.oe1.aarch64.rpm libmaxminddb-help-1.2.0-8.oe1.aarch64.rpm libmaxminddb-debuginfo-1.2.0-8.oe1.aarch64.rpm libmaxminddb-1.2.0-8.oe1.aarch64.rpm libmaxminddb-debugsource-1.2.0-8.oe1.aarch64.rpm libmaxminddb-1.2.0-8.oe1.src.rpm libmaxminddb-1.2.0-8.oe1.src.rpm libmaxminddb-1.2.0-8.oe1.x86_64.rpm libmaxminddb-help-1.2.0-8.oe1.x86_64.rpm libmaxminddb-devel-1.2.0-8.oe1.x86_64.rpm libmaxminddb-debuginfo-1.2.0-8.oe1.x86_64.rpm libmaxminddb-debugsource-1.2.0-8.oe1.x86_64.rpm libmaxminddb-help-1.2.0-8.oe1.x86_64.rpm libmaxminddb-debuginfo-1.2.0-8.oe1.x86_64.rpm libmaxminddb-1.2.0-8.oe1.x86_64.rpm libmaxminddb-devel-1.2.0-8.oe1.x86_64.rpm libmaxminddb-debugsource-1.2.0-8.oe1.x86_64.rpm libmaxminddb before 1.4.3 has a heap-based buffer over-read in dump_entry_data_list in maxminddb.c. 2021-07-31 CVE-2020-28241 openEuler-20.03-LTS-SP1 openEuler-20.03-LTS-SP2 Medium 6.5 AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H libmaxminddb security update 2021-07-31 https://openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2021-1287