Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2016:3107-1

Опубликовано: 13 дек. 2016
Источник: suse-cvrf

Описание

Security update for libass

This update for libass fixes the following issues:

CVE-2016-7969, CVE-2016-7970, CVE-2016-7971, CVE-2016-7972: Fixed multiple memory allocation issues found by fuzzing (bsc#1002982).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP1
libass5-0.10.2-3.1
SUSE Linux Enterprise Desktop 12 SP2
libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP1
libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP2
libass5-0.10.2-3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libass5-0.10.2-3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libass5-0.10.2-3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libass5-0.10.2-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libass-devel-0.10.2-3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libass-devel-0.10.2-3.1

Ссылки

Описание

The wrap_lines_smart function in ass_render.c in libass before 0.13.4 allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors, related to "0/3 line wrapping equalization."

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Desktop 12 SP2:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP2:libass5-0.10.2-3.1
Ссылки

Описание

Buffer overflow in the calc_coeff function in libass/ass_blur.c in libass before 0.13.4 allows remote attackers to cause a denial of service via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Desktop 12 SP2:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP2:libass5-0.10.2-3.1
Ссылки

Описание

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Desktop 12 SP2:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP2:libass5-0.10.2-3.1
Ссылки

Описание

The check_allocations function in libass/ass_shaper.c in libass before 0.13.4 allows remote attackers to cause a denial of service (memory allocation failure) via unspecified vectors.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Desktop 12 SP2:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP1:libass5-0.10.2-3.1
SUSE Linux Enterprise Server 12 SP2:libass5-0.10.2-3.1
Ссылки