Описание
Security update for transfig
This update for transfig fixes the following issues:
Security issue fixed:
- CVE-2017-16899: Fix array index error in the fig2dev program (bsc#1069257).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP2
transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Desktop 12 SP3
transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server 12 SP2
transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server 12 SP3
transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP2
transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server for SAP Applications 12 SP3
transfig-3.2.5e-2.3.2
Ссылки
- Link for SUSE-SU-2018:0231-1
- E-Mail link for SUSE-SU-2018:0231-1
- SUSE Security Ratings
- SUSE Bug 1069257
- SUSE CVE CVE-2017-16899 page
Описание
An array index error in the fig2dev program in Xfig 3.2.6a allows remote attackers to cause a denial-of-service attack or information disclosure with a maliciously crafted Fig format file, related to a negative font value in dev/gentikz.c, and the read_textobject functions in read.c and read1_3.c.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP2:transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Desktop 12 SP3:transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server 12 SP2:transfig-3.2.5e-2.3.2
SUSE Linux Enterprise Server 12 SP3:transfig-3.2.5e-2.3.2
Ссылки
- CVE-2017-16899
- SUSE Bug 1069257