Description
Security update for DirectFB
DirectFB was updated to fix two security issues.
The following vulnerabilities were fixed:
- CVE-2014-2977: Multiple integer signedness errors could allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
- CVE-2014-2978: Remote attackers could cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
Package list
SUSE Linux Enterprise Desktop 12
DirectFB-1.7.1-4.1
lib++dfb-1_7-1-1.7.1-4.1
libdirectfb-1_7-1-1.7.1-4.1
libdirectfb-1_7-1-32bit-1.7.1-4.1
SUSE Linux Enterprise Server 12
DirectFB-1.7.1-4.1
lib++dfb-1_7-1-1.7.1-4.1
libdirectfb-1_7-1-1.7.1-4.1
SUSE Linux Enterprise Server for SAP Applications 12
DirectFB-1.7.1-4.1
lib++dfb-1_7-1-1.7.1-4.1
libdirectfb-1_7-1-1.7.1-4.1
SUSE Linux Enterprise Software Development Kit 12
DirectFB-devel-1.7.1-4.1
lib++dfb-devel-1.7.1-4.1
SUSE Linux Enterprise Workstation Extension 12
libdirectfb-1_7-1-32bit-1.7.1-4.1
References
- Link for SUSE-SU-2015:0839-1
- E-Mail link for SUSE-SU-2015:0839-1
- SUSE Security Ratings
- SUSE Bug 878345
- SUSE Bug 878349
- SUSE CVE CVE-2014-2977 page
- SUSE CVE CVE-2014-2978 page
Description
Multiple integer signedness errors in the Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.13 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers a stack-based buffer overflow.
Affected products
SUSE Linux Enterprise Desktop 12:DirectFB-1.7.1-4.1
SUSE Linux Enterprise Desktop 12:lib++dfb-1_7-1-1.7.1-4.1
SUSE Linux Enterprise Desktop 12:libdirectfb-1_7-1-1.7.1-4.1
SUSE Linux Enterprise Desktop 12:libdirectfb-1_7-1-32bit-1.7.1-4.1
References
- CVE-2014-2977
- SUSE Bug 878345
Description
The Dispatch_Write function in proxy/dispatcher/idirectfbsurface_dispatcher.c in DirectFB 1.4.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Voodoo interface, which triggers an out-of-bounds write.
Affected products
SUSE Linux Enterprise Desktop 12:DirectFB-1.7.1-4.1
SUSE Linux Enterprise Desktop 12:lib++dfb-1_7-1-1.7.1-4.1
SUSE Linux Enterprise Desktop 12:libdirectfb-1_7-1-1.7.1-4.1
SUSE Linux Enterprise Desktop 12:libdirectfb-1_7-1-32bit-1.7.1-4.1
References
- CVE-2014-2978
- SUSE Bug 878349