Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0005-1

Опубликовано: 02 янв. 2019
Источник: suse-cvrf

Описание

Security update for libraw

This update for libraw fixes the following issues:

Security issues fixed:

The following security vulnerabilities were addressed:

  • CVE-2018-5813: Fixed an error within the 'parse_minolta()' function (dcraw/dcraw.c) that could be exploited to trigger an infinite loop via a specially crafted file. This could be exploited to cause a DoS.(boo#1103200).
  • CVE-2018-5815: Fixed an integer overflow in the internal/dcraw_common.cpp:parse_qt() function, that could be exploited to cause an infinite loop via a specially crafted Apple QuickTime file. (boo#1103206)
  • CVE-2018-5804,CVE-2018-5816: Fixed a type confusion error in the identify function (bsc#1097975)

Список пакетов

SUSE Linux Enterprise Workstation Extension 15
libraw-devel-0.18.9-3.5.1
libraw16-0.18.9-3.5.1

Ссылки

Описание

A type confusion error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.8 can be exploited to trigger a division by zero.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:libraw-devel-0.18.9-3.5.1
SUSE Linux Enterprise Workstation Extension 15:libraw16-0.18.9-3.5.1
Ссылки

Описание

An error within the "parse_minolta()" function (dcraw/dcraw.c) in LibRaw versions prior to 0.18.11 can be exploited to trigger an infinite loop via a specially crafted file.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:libraw-devel-0.18.9-3.5.1
SUSE Linux Enterprise Workstation Extension 15:libraw16-0.18.9-3.5.1
Ссылки

Описание

An integer overflow error within the "parse_qt()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger an infinite loop via a specially crafted Apple QuickTime file.

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:libraw-devel-0.18.9-3.5.1
SUSE Linux Enterprise Workstation Extension 15:libraw16-0.18.9-3.5.1
Ссылки

Описание

An integer overflow error within the "identify()" function (internal/dcraw_common.cpp) in LibRaw versions prior to 0.18.12 can be exploited to trigger a division by zero via specially crafted NOKIARAW file (Note: This vulnerability is caused due to an incomplete fix of CVE-2018-5804).

Затронутые продукты
SUSE Linux Enterprise Workstation Extension 15:libraw-devel-0.18.9-3.5.1
SUSE Linux Enterprise Workstation Extension 15:libraw16-0.18.9-3.5.1
Ссылки
Уязвимость SUSE-SU-2019:0005-1