Описание
Security update for lhasa
lhasa was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-2347: decode_level3_header heap corruption vulnerability (bsc#973790).
Список пакетов
SUSE Linux Enterprise Desktop 12
lhasa-0.2.0-5.1
liblhasa0-0.2.0-5.1
SUSE Linux Enterprise Desktop 12 SP1
lhasa-0.2.0-5.1
liblhasa0-0.2.0-5.1
SUSE Linux Enterprise Software Development Kit 12
lhasa-devel-0.2.0-5.1
liblhasa0-0.2.0-5.1
SUSE Linux Enterprise Software Development Kit 12 SP1
lhasa-devel-0.2.0-5.1
liblhasa0-0.2.0-5.1
SUSE Linux Enterprise Workstation Extension 12
lhasa-0.2.0-5.1
liblhasa0-0.2.0-5.1
SUSE Linux Enterprise Workstation Extension 12 SP1
lhasa-0.2.0-5.1
liblhasa0-0.2.0-5.1
Ссылки
- Link for SUSE-SU-2016:1091-1
- E-Mail link for SUSE-SU-2016:1091-1
- SUSE Security Ratings
- SUSE Bug 973790
- SUSE CVE CVE-2016-2347 page
Описание
Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:lhasa-0.2.0-5.1
SUSE Linux Enterprise Desktop 12 SP1:liblhasa0-0.2.0-5.1
SUSE Linux Enterprise Desktop 12:lhasa-0.2.0-5.1
SUSE Linux Enterprise Desktop 12:liblhasa0-0.2.0-5.1
Ссылки
- CVE-2016-2347
- SUSE Bug 973790