Описание
Security update for libgxps
This update for libgxps fixes the following issues:
- CVE-2018-10733: Fixed a heap-based buffer over-read issue in ft_font_face_hash (bsc#1092125).
Список пакетов
SUSE Linux Enterprise Server 12 SP4
libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Server 12 SP5
libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Software Development Kit 12 SP4
libgxps-devel-0.2.2-10.3.5
typelib-1_0-GXPS-0_1-0.2.2-10.3.5
SUSE Linux Enterprise Software Development Kit 12 SP5
libgxps-devel-0.2.2-10.3.5
typelib-1_0-GXPS-0_1-0.2.2-10.3.5
Ссылки
- Link for SUSE-SU-2020:1687-1
- E-Mail link for SUSE-SU-2020:1687-1
- SUSE Security Ratings
- SUSE Bug 1092125
- SUSE CVE CVE-2018-10733 page
Описание
There is a heap-based buffer over-read in the function ft_font_face_hash of gxps-fonts.c in libgxps through 0.3.0. A crafted input will lead to a remote denial of service attack.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Server 12 SP5:libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Server for SAP Applications 12 SP4:libgxps2-0.2.2-10.3.5
SUSE Linux Enterprise Server for SAP Applications 12 SP5:libgxps2-0.2.2-10.3.5
Ссылки
- CVE-2018-10733
- SUSE Bug 1092125