Описание
Security update for libtomcrypt
This update for libtomcrypt fixes the following issues:
- CVE-2019-17362: Fixed an improper detection of invalid UTF-8 sequences that could have led to DoS or information disclosure via crafted DER-encoded data (bsc#1153433).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP4
libtomcrypt0-1.17-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP4
libtomcrypt0-1.17-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libtomcrypt0-1.17-3.3.1
Ссылки
- Link for SUSE-SU-2019:3095-1
- E-Mail link for SUSE-SU-2019:3095-1
- SUSE Security Ratings
- SUSE Bug 1153433
- SUSE CVE CVE-2019-17362 page
Описание
In LibTomCrypt through 1.18.2, the der_decode_utf8_string function (in der_decode_utf8_string.c) does not properly detect certain invalid UTF-8 sequences. This allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) or read information from other memory locations via carefully crafted DER-encoded data.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:libtomcrypt0-1.17-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP4:libtomcrypt0-1.17-3.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5:libtomcrypt0-1.17-3.3.1
Ссылки
- CVE-2019-17362
- SUSE Bug 1153433