Описание
Security update for libXcursor
This update for libXcursor fixes the following issues:
Security issue fixed:
- CVE-2017-16612: Fix integeroverflow while parsing images and a signedness issue while parsing comments (bsc#1065386).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
libXcursor1-1.1.14-4.3.1
libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Desktop 12 SP3
libXcursor1-1.1.14-4.3.1
libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Server 12 SP2
libXcursor1-1.1.14-4.3.1
libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Server 12 SP3
libXcursor1-1.1.14-4.3.1
libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
libXcursor1-1.1.14-4.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
libXcursor1-1.1.14-4.3.1
libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libXcursor1-1.1.14-4.3.1
libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP2
libXcursor-devel-1.1.14-4.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libXcursor-devel-1.1.14-4.3.1
Ссылки
- Link for SUSE-SU-2017:3214-1
- E-Mail link for SUSE-SU-2017:3214-1
- SUSE Security Ratings
- SUSE Bug 1065386
- SUSE CVE CVE-2017-16612 page
Описание
libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:libXcursor1-1.1.14-4.3.1
SUSE Linux Enterprise Desktop 12 SP2:libXcursor1-32bit-1.1.14-4.3.1
SUSE Linux Enterprise Desktop 12 SP3:libXcursor1-1.1.14-4.3.1
SUSE Linux Enterprise Desktop 12 SP3:libXcursor1-32bit-1.1.14-4.3.1
Ссылки
- CVE-2017-16612
- SUSE Bug 1065386
- SUSE Bug 1159415