Описание
Security update for transfig
This update for transfig fixes the following issues:
Security issue fixed:
- CVE-2019-14275: Fixed stack-based buffer overflow in the calc_arrow function (bsc#1143650).
- CVE-2018-16140: Fixed a buffer underwrite vulnerability in get_line() in read.c, which allowed an attacker to write prior to the beginning of the buffer via specially crafted .fig file (bsc#1106531)
Список пакетов
SUSE Linux Enterprise Server 12 SP4
transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server 12 SP5
transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4
transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
transfig-3.2.5e-2.8.2
Ссылки
- Link for SUSE-SU-2020:1806-1
- E-Mail link for SUSE-SU-2020:1806-1
- SUSE Security Ratings
- SUSE Bug 1106531
- SUSE Bug 1143650
- SUSE CVE CVE-2018-16140 page
- SUSE CVE CVE-2019-14275 page
Описание
A buffer underwrite vulnerability in get_line() (read.c) in fig2dev 3.2.7a allows an attacker to write prior to the beginning of the buffer via a crafted .fig file.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server 12 SP5:transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.5e-2.8.2
Ссылки
- CVE-2018-16140
- SUSE Bug 1106531
Описание
Xfig fig2dev 3.2.7a has a stack-based buffer overflow in the calc_arrow function in bound.c.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP4:transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server 12 SP5:transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP4:transfig-3.2.5e-2.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5:transfig-3.2.5e-2.8.2
Ссылки
- CVE-2019-14275
- SUSE Bug 1143650