SUSE-SU-2015:0508-1

Опубликовано: 05 мар. 2015

Источник: suse-cvrf

Описание

Security update for libmspack

This update fixes the following security issue:

* CVE-2014-9556: An integer overflow in the function qtmd_decompress() could have been exploited causing a denial of service (endless loop) (bnc##912214)

Security Issues:

* CVE-2014-9556 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9556>

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3

libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Server 11 SP3

libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Server 11 SP3-TERADATA

libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Server for SAP Applications 11 SP3

libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Software Development Kit 11 SP3

libmspack-devel-0.0.20060920alpha-74.5.1

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20150508-1/
Link for SUSE-SU-2015:0508-1
https://lists.suse.com/pipermail/sle-security-updates/2015-March/001290.html
E-Mail link for SUSE-SU-2015:0508-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/912214
SUSE Bug 912214
https://www.suse.com/security/cve/CVE-2014-9556/
SUSE CVE CVE-2014-9556 page

Описание

Integer overflow in the qtmd_decompress function in libmspack 0.4 allows remote attackers to cause a denial of service (hang) via a crafted CAB file, which triggers an infinite loop.

Затронутые продукты

SUSE Linux Enterprise Desktop 11 SP3:libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Server 11 SP3-TERADATA:libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Server 11 SP3:libmspack0-0.0.20060920alpha-74.5.1

SUSE Linux Enterprise Server for SAP Applications 11 SP3:libmspack0-0.0.20060920alpha-74.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-9556.html
CVE-2014-9556
https://bugzilla.suse.com/912214
SUSE Bug 912214
https://bugzilla.suse.com/919283
SUSE Bug 919283
https://bugzilla.suse.com/934533
SUSE Bug 934533

SUSE-SU-2015:0508-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3

SUSE Linux Enterprise Server 11 SP3

SUSE Linux Enterprise Server 11 SP3-TERADATA

SUSE Linux Enterprise Server for SAP Applications 11 SP3

SUSE Linux Enterprise Software Development Kit 11 SP3

Ссылки

Уязвимость: CVE-2014-9556

Описание

Затронутые продукты

Ссылки