Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:1832-1

Опубликовано: 27 июн. 2018
Источник: suse-cvrf

Описание

Security update for unixODBC

This update for unixODBC to version 2.3.6 fixes the following issues:

  • CVE-2018-7409: Buffer overflow in unicode_to_ansi_copy() was fixed in 2.3.5 (bsc#1082290)
  • CVE-2018-7485: Swapped arguments in SQLWriteFileDSN() in odbcinst/SQLWriteFileDSN.c (bsc#1082484)

Other fixes:

  • Enabled --enable-fastvalidate option in configure (bsc#1044970)

Список пакетов

SUSE Linux Enterprise Desktop 12 SP3
unixODBC-2.3.6-7.9.1
unixODBC-32bit-2.3.6-7.9.1
SUSE Linux Enterprise Server 12 SP3
unixODBC-2.3.6-7.9.1
unixODBC-32bit-2.3.6-7.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
unixODBC-2.3.6-7.9.1
unixODBC-32bit-2.3.6-7.9.1
SUSE Linux Enterprise Software Development Kit 12 SP3
unixODBC-devel-2.3.6-7.9.1

Описание

In unixODBC before 2.3.5, there is a buffer overflow in the unicode_to_ansi_copy() function in DriverManager/__info.c.


Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:unixODBC-2.3.6-7.9.1
SUSE Linux Enterprise Desktop 12 SP3:unixODBC-32bit-2.3.6-7.9.1
SUSE Linux Enterprise Server 12 SP3:unixODBC-2.3.6-7.9.1
SUSE Linux Enterprise Server 12 SP3:unixODBC-32bit-2.3.6-7.9.1

Ссылки

Описание

The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact.


Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:unixODBC-2.3.6-7.9.1
SUSE Linux Enterprise Desktop 12 SP3:unixODBC-32bit-2.3.6-7.9.1
SUSE Linux Enterprise Server 12 SP3:unixODBC-2.3.6-7.9.1
SUSE Linux Enterprise Server 12 SP3:unixODBC-32bit-2.3.6-7.9.1

Ссылки