Описание
Security update for netpbm
This update for netpbm fixes the following issues:
Security bugs:
- CVE-2017-2586: A NULL pointer dereference in stringToUint function could lead to a denial of service (abort) problem when processing malformed images. [bsc#1024292]
- CVE-2017-2581: A out-of-bounds write in writeRasterPbm() could be used by attackers to crash the decoder or potentially execute code. [bsc#1024287]
- CVE-2017-2587: A insufficient size check of memory allocation in createCanvas() function could be used for a denial of service attack (memory exhaustion) [bsc#1024294]
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libnetpbm11-10.66.3-7.1
libnetpbm11-32bit-10.66.3-7.1
netpbm-10.66.3-7.1
SUSE Linux Enterprise Server 12 SP2
libnetpbm11-10.66.3-7.1
libnetpbm11-32bit-10.66.3-7.1
netpbm-10.66.3-7.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libnetpbm11-10.66.3-7.1
netpbm-10.66.3-7.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libnetpbm11-10.66.3-7.1
libnetpbm11-32bit-10.66.3-7.1
netpbm-10.66.3-7.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libnetpbm-devel-10.66.3-7.1
Ссылки
- Link for SUSE-SU-2017:1603-1
- E-Mail link for SUSE-SU-2017:1603-1
- SUSE Security Ratings
- SUSE Bug 1024287
- SUSE Bug 1024292
- SUSE Bug 1024294
- SUSE CVE CVE-2017-2581 page
- SUSE CVE CVE-2017-2586 page
- SUSE CVE CVE-2017-2587 page
Описание
An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libnetpbm11-10.66.3-7.1
SUSE Linux Enterprise Desktop 12 SP2:libnetpbm11-32bit-10.66.3-7.1
SUSE Linux Enterprise Desktop 12 SP2:netpbm-10.66.3-7.1
SUSE Linux Enterprise Server 12 SP2:libnetpbm11-10.66.3-7.1
Ссылки
- CVE-2017-2581
- SUSE Bug 1024287
Описание
A null pointer dereference vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libnetpbm11-10.66.3-7.1
SUSE Linux Enterprise Desktop 12 SP2:libnetpbm11-32bit-10.66.3-7.1
SUSE Linux Enterprise Desktop 12 SP2:netpbm-10.66.3-7.1
SUSE Linux Enterprise Server 12 SP2:libnetpbm11-10.66.3-7.1
Ссылки
- CVE-2017-2586
- SUSE Bug 1024287
- SUSE Bug 1024292
Описание
A memory allocation vulnerability was found in netpbm before 10.61. A maliciously crafted SVG file could cause the application to crash.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libnetpbm11-10.66.3-7.1
SUSE Linux Enterprise Desktop 12 SP2:libnetpbm11-32bit-10.66.3-7.1
SUSE Linux Enterprise Desktop 12 SP2:netpbm-10.66.3-7.1
SUSE Linux Enterprise Server 12 SP2:libnetpbm11-10.66.3-7.1
Ссылки
- CVE-2017-2587
- SUSE Bug 1024287
- SUSE Bug 1024294