SUSE-SU-2015:1513-1

Published: 26 Aug 2015
Source: suse-cvrf

Description

Security update for tidy

This update fixes two heap-based buffer overflows in tidy/libtidy. These vulnerabilities could allow remote attackers to cause a denial of service (crash) via vectors involving a command character in an href. (CVE-2015-5522, CVE-2015-5523)

Package list

SUSE Linux Enterprise Software Development Kit 12
libtidy-0_99-0-1.0.20100204cvs-25.3
libtidy-0_99-0-devel-1.0.20100204cvs-25.3
tidy-1.0.20100204cvs-25.3

Description

Heap-based buffer overflow in the ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving a command character in an href.


Affected products
SUSE Linux Enterprise Software Development Kit 12:libtidy-0_99-0-1.0.20100204cvs-25.3
SUSE Linux Enterprise Software Development Kit 12:libtidy-0_99-0-devel-1.0.20100204cvs-25.3
SUSE Linux Enterprise Software Development Kit 12:tidy-1.0.20100204cvs-25.3


Description

The ParseValue function in lexer.c in tidy before 4.9.31 allows remote attackers to cause a denial of service (crash) via vectors involving multiple whitespace characters before an empty href, which triggers a large memory allocation.


Affected products
SUSE Linux Enterprise Software Development Kit 12:libtidy-0_99-0-1.0.20100204cvs-25.3
SUSE Linux Enterprise Software Development Kit 12:libtidy-0_99-0-devel-1.0.20100204cvs-25.3
SUSE Linux Enterprise Software Development Kit 12:tidy-1.0.20100204cvs-25.3
