ASA-201805-19 log generated external raw

[ASA-201805-19] libofx: denial of service
Arch Linux Security Advisory ASA-201805-19 ========================================== Severity: Medium Date : 2018-05-20 CVE-ID : CVE-2017-14731 Package : libofx Type : denial of service Remote : Yes Link : Summary ======= The package libofx before version 0.9.13-1 is vulnerable to denial of service. Resolution ========== Upgrade to 0.9.13-1. # pacman -Syu "libofx>=0.9.13-1" The problem has been fixed upstream in version 0.9.13. Workaround ========== None. Description =========== ofx_proc_file in ofx_preproc.cpp in LibOFX 0.9.12 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file, as demonstrated by an ofxdump call. Impact ====== A remote attacker is able to cause a denial of service via a specially crafted file. References ==========