Description
Security update for libraw
This update for libraw fixes the following issues:
Security issues fixed:
- CVE-2018-5808: Fixed a stack-based buffer overflow and code execution vulnerability in the find_green() function in internal/dcraw_common.cpp (bsc#1118894).
- CVE-2018-5805: Fixed a boundary error within the quicktake_100_load_raw function (bsc#1097973).
- CVE-2018-5806: Fixed a NULL pointer dereference in the leaf_hdr_load_raw function (bsc#1097974).
Package list
SUSE Linux Enterprise Desktop 12 SP3
libraw9-0.15.4-27.1
SUSE Linux Enterprise Desktop 12 SP4
libraw9-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libraw-devel-0.15.4-27.1
libraw-devel-static-0.15.4-27.1
libraw9-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libraw-devel-0.15.4-27.1
libraw-devel-static-0.15.4-27.1
libraw9-0.15.4-27.1
SUSE Linux Enterprise Workstation Extension 12 SP3
libraw9-0.15.4-27.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libraw9-0.15.4-27.1
References
- Link for SUSE-SU-2019:0002-1
- E-Mail link for SUSE-SU-2019:0002-1
- SUSE Security Ratings
- SUSE Bug 1097973
- SUSE Bug 1097974
- SUSE Bug 1118894
- SUSE CVE CVE-2018-5805 page
- SUSE CVE CVE-2018-5806 page
- SUSE CVE CVE-2018-5808 page
Description
A boundary error within the "quicktake_100_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to cause a stack-based buffer overflow and subsequently cause a crash.
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-27.1
SUSE Linux Enterprise Desktop 12 SP4:libraw9-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-27.1
References
- CVE-2018-5805
- SUSE Bug 1097973
Description
An error within the "leaf_hdr_load_raw()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a NULL pointer dereference.
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-27.1
SUSE Linux Enterprise Desktop 12 SP4:libraw9-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-27.1
References
- CVE-2018-5806
- SUSE Bug 1097974
Description
An error within the "find_green()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.9 can be exploited to cause a stack-based buffer overflow and subsequently execute arbitrary code.
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libraw9-0.15.4-27.1
SUSE Linux Enterprise Desktop 12 SP4:libraw9-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-0.15.4-27.1
SUSE Linux Enterprise Software Development Kit 12 SP3:libraw-devel-static-0.15.4-27.1
References
- CVE-2018-5808
- SUSE Bug 1117896
- SUSE Bug 1118891
- SUSE Bug 1118894