exploitDog

SUSE-SU-2020:1417-2

Опубликовано: 08 июл. 2020

Источник: suse-cvrf

Описание

Security update for freetds

This update for freetds to 1.1.36 fixes the following issues:

Security issue fixed:

CVE-2019-13508: Fixed a heap overflow that could have been caused by malicious servers sending UDT types over protocol version 5.0 (bsc#1141132).

Non-security issues fixed:

Enabled Kerberos support
Version update to 1.1.36:
- Default TDS protocol version is now 'auto'
- Improved UTF-8 performances
- TDS Pool Server is enabled
- MARS support is enabled
- NTLMv2 is enabled
- See NEWS and ChangeLog for a complete list of changes

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP1

libsybdb5-1.1.36-3.3.1

SUSE Linux Enterprise Module for Package Hub 15 SP2

libsybdb5-1.1.36-3.3.1

SUSE Linux Enterprise Module for Server Applications 15 SP2

libct4-1.1.36-3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201417-2/
Link for SUSE-SU-2020:1417-2
https://lists.suse.com/pipermail/sle-security-updates/2020-July/007103.html
E-Mail link for SUSE-SU-2020:1417-2
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1141132
SUSE Bug 1141132
https://www.suse.com/security/cve/CVE-2019-13508/
SUSE CVE CVE-2019-13508 page

Описание

FreeTDS through 1.1.11 has a Buffer Overflow.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP1:libsybdb5-1.1.36-3.3.1

SUSE Linux Enterprise Module for Package Hub 15 SP2:libsybdb5-1.1.36-3.3.1

SUSE Linux Enterprise Module for Server Applications 15 SP2:libct4-1.1.36-3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-13508.html
CVE-2019-13508
https://bugzilla.suse.com/1141132
SUSE Bug 1141132