Description
Security update for libraw
This update for libraw fixes the following issues:
Security issues fixed:
- CVE-2018-20365: Fixed a heap-based buffer overflow in the raw2image function of libraw_cxx.cpp (bsc#1120500)
- CVE-2018-20364: Fixed a NULL pointer dereference in the copy_bayer function of libraw_cxx.cpp (bsc#1120499)
- CVE-2018-20363: Fixed a NULL pointer dereference in the raw2image function of libraw_cxx.cpp (bsc#1120498)
- CVE-2018-5817: Fixed an infinite loop in the unpacked_load_raw function of dcraw_common.cpp (bsc#1120515)
- CVE-2018-5818: Fixed an infinite loop in the parse_rollei function of dcraw_common.cpp (bsc#1120516)
- CVE-2018-5819: Fixed a denial of service in the parse_sinar_ia function of dcraw_common.cpp (bsc#1120517)
Package list
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Workstation Extension 12 SP3
SUSE Linux Enterprise Workstation Extension 12 SP4
References
- Link for SUSE-SU-2019:0127-1
- E-Mail link for SUSE-SU-2019:0127-1
- SUSE Security Ratings
- SUSE Bug 1120498
- SUSE Bug 1120499
- SUSE Bug 1120500
- SUSE Bug 1120515
- SUSE Bug 1120516
- SUSE Bug 1120517
- SUSE CVE CVE-2018-20363 page
- SUSE CVE CVE-2018-20364 page
- SUSE CVE CVE-2018-20365 page
- SUSE CVE CVE-2018-5817 page
- SUSE CVE CVE-2018-5818 page
- SUSE CVE CVE-2018-5819 page
Description
LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Affected products
References
- CVE-2018-20363
- SUSE Bug 1120498
Description
LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer dereference.
Affected products
References
- CVE-2018-20364
- SUSE Bug 1120499
Description
LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow.
Affected products
References
- CVE-2018-20365
- SUSE Bug 1120498
- SUSE Bug 1120499
- SUSE Bug 1120500
Description
A type confusion error within the "unpacked_load_raw()" function within LibRaw versions prior to 0.19.1 (internal/dcraw_common.cpp) can be exploited to trigger an infinite loop.
Affected products
References
- CVE-2018-5817
- SUSE Bug 1120515
Description
An error within the "parse_rollei()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to trigger an infinite loop.
Affected products
References
- CVE-2018-5818
- SUSE Bug 1120516
Description
An error within the "parse_sinar_ia()" function (internal/dcraw_common.cpp) within LibRaw versions prior to 0.19.1 can be exploited to exhaust available CPU resources.
Affected products
References
- CVE-2018-5819
- SUSE Bug 1120517