SUSE-SU-2019:1955-1

Опубликовано: 23 июл. 2019

Источник: suse-cvrf

Описание

Security update for bzip2

This update for bzip2 fixes the following issues:

Security issue fixed:

CVE-2019-12900: Fixed an out-of-bounds write in decompress.c with many selectors (bsc#1139083).
CVE-2016-3189: Fixed a use-after-free in bzip2recover (bsc#985657).

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

libbz2-1-1.0.6-30.5.1

Container suse/ltss/sle12.5/sles12sp5:latest

libbz2-1-1.0.6-30.5.1

Container suse/sles12sp3:latest

libbz2-1-1.0.6-30.5.1

Container suse/sles12sp4:latest

libbz2-1-1.0.6-30.5.1

Container suse/sles12sp5:latest

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-Azure-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-EC2-HVM-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-GCE-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-OCI-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-Azure

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-Azure-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-EC2-HVM

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-GCE

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-GCE-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP4-SAP-OCI-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-Basic-On-Demand

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-HPC-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-HPC-On-Demand

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-SAP-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-SAP-On-Demand

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-Azure-Standard-On-Demand

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-EC2-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-EC2-ECS-On-Demand

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-EC2-On-Demand

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-EC2-SAP-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-EC2-SAP-On-Demand

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-GCE-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-GCE-On-Demand

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-GCE-SAP-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-GCE-SAP-On-Demand

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-OCI-BYOS-BYOS

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

SUSE Enterprise Storage 4

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Enterprise Storage 5

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Desktop 12 SP4

bzip2-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server 12 SP1-LTSS

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server 12 SP2-BCL

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server 12 SP2-LTSS

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server 12 SP3-LTSS

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server 12 SP4

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server for SAP Applications 12 SP1

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server for SAP Applications 12 SP3

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE Linux Enterprise Software Development Kit 12 SP4

libbz2-devel-1.0.6-30.5.1

SUSE OpenStack Cloud 7

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

SUSE OpenStack Cloud 8

bzip2-1.0.6-30.5.1

bzip2-doc-1.0.6-30.5.1

libbz2-1-1.0.6-30.5.1

libbz2-1-32bit-1.0.6-30.5.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191955-1/
Link for SUSE-SU-2019:1955-1
https://lists.suse.com/pipermail/sle-security-updates/2019-July/005739.html
E-Mail link for SUSE-SU-2019:1955-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1139083
SUSE Bug 1139083
https://bugzilla.suse.com/985657
SUSE Bug 985657
https://www.suse.com/security/cve/CVE-2016-3189/
SUSE CVE CVE-2016-3189 page
https://www.suse.com/security/cve/CVE-2019-12900/
SUSE CVE CVE-2019-12900 page

Описание

Use-after-free vulnerability in bzip2recover in bzip2 1.0.6 allows remote attackers to cause a denial of service (crash) via a crafted bzip2 file, related to block ends set to before the start of the block.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libbz2-1-1.0.6-30.5.1

Container suse/ltss/sle12.5/sles12sp5:latest:libbz2-1-1.0.6-30.5.1

Container suse/sles12sp3:latest:libbz2-1-1.0.6-30.5.1

Container suse/sles12sp4:latest:libbz2-1-1.0.6-30.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-3189.html
CVE-2016-3189
https://bugzilla.suse.com/985657
SUSE Bug 985657

Описание

BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.

Затронутые продукты

Container caasp/v4/nginx-ingress-controller:beta1:libbz2-1-1.0.6-30.5.1

Container suse/ltss/sle12.5/sles12sp5:latest:libbz2-1-1.0.6-30.5.1

Container suse/sles12sp3:latest:libbz2-1-1.0.6-30.5.1

Container suse/sles12sp4:latest:libbz2-1-1.0.6-30.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-12900.html
CVE-2019-12900
https://bugzilla.suse.com/1139083
SUSE Bug 1139083
https://bugzilla.suse.com/1141513
SUSE Bug 1141513
https://bugzilla.suse.com/1149458
SUSE Bug 1149458

SUSE-SU-2019:1955-1

Описание

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1

Container suse/ltss/sle12.5/sles12sp5:latest

Container suse/sles12sp3:latest

Container suse/sles12sp4:latest

Container suse/sles12sp5:latest

Image SLES12-SP4-Azure-BYOS

Image SLES12-SP4-EC2-HVM-BYOS

Image SLES12-SP4-GCE-BYOS

Image SLES12-SP4-OCI-BYOS

Image SLES12-SP4-SAP-Azure

Image SLES12-SP4-SAP-Azure-BYOS

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES12-SP4-SAP-EC2-HVM

Image SLES12-SP4-SAP-EC2-HVM-BYOS

Image SLES12-SP4-SAP-GCE

Image SLES12-SP4-SAP-GCE-BYOS

Image SLES12-SP4-SAP-OCI-BYOS

Image SLES12-SP5-Azure-BYOS

Image SLES12-SP5-Azure-Basic-On-Demand

Image SLES12-SP5-Azure-HPC-BYOS

Image SLES12-SP5-Azure-HPC-On-Demand

Image SLES12-SP5-Azure-SAP-BYOS

Image SLES12-SP5-Azure-SAP-On-Demand

Image SLES12-SP5-Azure-Standard-On-Demand

Image SLES12-SP5-EC2-BYOS

Image SLES12-SP5-EC2-ECS-On-Demand

Image SLES12-SP5-EC2-On-Demand

Image SLES12-SP5-EC2-SAP-BYOS

Image SLES12-SP5-EC2-SAP-On-Demand

Image SLES12-SP5-GCE-BYOS

Image SLES12-SP5-GCE-On-Demand

Image SLES12-SP5-GCE-SAP-BYOS

Image SLES12-SP5-GCE-SAP-On-Demand

Image SLES12-SP5-OCI-BYOS-BYOS

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Enterprise Storage 4

SUSE Enterprise Storage 5

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP1-LTSS

SUSE Linux Enterprise Server 12 SP2-BCL

SUSE Linux Enterprise Server 12 SP2-LTSS

SUSE Linux Enterprise Server 12 SP3-LTSS

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP1

SUSE Linux Enterprise Server for SAP Applications 12 SP2

SUSE Linux Enterprise Server for SAP Applications 12 SP3

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE OpenStack Cloud 7

SUSE OpenStack Cloud 8

Ссылки

Уязвимость: CVE-2016-3189

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-12900

Описание

Затронутые продукты

Ссылки