SUSE-SU-2018:3861-1

Опубликовано: 22 нояб. 2018

Источник: suse-cvrf

Описание

Security update for SDL_image

This update for SDL_image fixes the following issues:

Security issue fixed:

CVE-2018-3977: Fixed a heap overflow issue (bsc#1114519).

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

SDL_image-1.2.6-84.46.1

SDL_image-devel-1.2.6-84.46.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20183861-1/
Link for SUSE-SU-2018:3861-1
https://lists.suse.com/pipermail/sle-security-updates/2018-November/004870.html
E-Mail link for SUSE-SU-2018:3861-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1114519
SUSE Bug 1114519
https://www.suse.com/security/cve/CVE-2018-3977/
SUSE CVE CVE-2018-3977 page

Описание

An exploitable code execution vulnerability exists in the XCF image rendering functionality of SDL2_image-2.0.3. A specially crafted XCF image can cause a heap overflow, resulting in code execution. An attacker can display a specially crafted image to trigger this vulnerability.

Затронутые продукты

SUSE Linux Enterprise Software Development Kit 11 SP4:SDL_image-1.2.6-84.46.1

SUSE Linux Enterprise Software Development Kit 11 SP4:SDL_image-devel-1.2.6-84.46.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-3977.html
CVE-2018-3977
https://bugzilla.suse.com/1114519
SUSE Bug 1114519

SUSE-SU-2018:3861-1

Описание

Список пакетов

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2018-3977

Описание

Затронутые продукты

Ссылки