Description
Security update for libmicrohttpd
This update for libmicrohttpd fixes the following issues:
- CVE-2013-7038: The MHD_http_unescape function in libmicrohttpd might have allowed remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read. (bsc#854443)
- CVE-2013-7039: Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allowed remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header. (bsc#854443)
- Fixed various bugs found during a 2017 audit, which are more hardening measures and not security issues. (bsc#1041216)
Package list
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
SUSE Linux Enterprise Software Development Kit 12 SP2
References
- Link for SUSE-SU-2017:1576-1
- E-Mail link for SUSE-SU-2017:1576-1
- SUSE Security Ratings
- SUSE Bug 1041216
- SUSE Bug 854443
- SUSE CVE CVE-2013-7038 page
- SUSE CVE CVE-2013-7039 page
Description
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an out-of-bounds read.
Affected products
References
- CVE-2013-7038
- SUSE Bug 854443
Description
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long URI in an authentication header.
Affected products
References
- CVE-2013-7039
- SUSE Bug 854443