Description
Security update for libraw
This update for libraw fixes the following issues:
- security update
- added patches
  fix CVE-2020-15503 [bsc#1173674], lack of thumbnail size range check can lead to buffer overflow
  - libraw-CVE-2020-15503.patch
Package list
SUSE Linux Enterprise Workstation Extension 15 SP1
libraw-devel-0.18.9-3.11.1
libraw16-0.18.9-3.11.1
SUSE Linux Enterprise Workstation Extension 15 SP2
libraw-devel-0.18.9-3.11.1
libraw16-0.18.9-3.11.1
References
- Link for SUSE-SU-2020:2029-1
- E-Mail link for SUSE-SU-2020:2029-1
- SUSE Security Ratings
- SUSE Bug 1173674
- SUSE CVE CVE-2020-15503 page
Description
LibRaw before 0.20-RC1 lacks a thumbnail size range check. This affects decoders/unpack_thumb.cpp, postprocessing/mem_image.cpp, and utils/thumb_utils.cpp. For example, malloc(sizeof(libraw_processed_image_t)+T.tlength) occurs without validating T.tlength.
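The kind of range check the description says was missing, as an added example (not LibRaw's code and not the SUSE patch). The names `thumb_image_t` and `thumb_extract`, the error codes, and the 64-byte / 64 MiB limits are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for libraw_processed_image_t: header plus payload. */
typedef struct {
    uint32_t data_size;
    unsigned char data[];
} thumb_image_t;

/* Assumed policy limits for this example, not LibRaw's actual values. */
#define THUMB_MIN_LEN 64u
#define THUMB_MAX_LEN (64u * 1024u * 1024u)

enum { THUMB_OK = 0, THUMB_BAD_RANGE = -1, THUMB_OUT_OF_FILE = -2, THUMB_NO_MEM = -3 };

/* Copy a thumbnail out of an in-memory file image. toffset and tlength stand
 * for fields read from the file's own metadata, so both are untrusted. */
int thumb_extract(const unsigned char *file, size_t file_size,
                  uint32_t toffset, uint32_t tlength, thumb_image_t **out)
{
    *out = NULL;

    /* 1. Range check on the declared length before it reaches malloc().
     *    The upper cap also guarantees sizeof(header) + tlength cannot wrap. */
    if (tlength < THUMB_MIN_LEN || tlength > THUMB_MAX_LEN)
        return THUMB_BAD_RANGE;

    /* 2. The declared region must lie inside the file. Written so that
     *    toffset + tlength is never computed and therefore cannot overflow. */
    if (toffset > file_size || tlength > file_size - toffset)
        return THUMB_OUT_OF_FILE;

    thumb_image_t *img = malloc(sizeof(thumb_image_t) + tlength);
    if (img == NULL)
        return THUMB_NO_MEM;

    img->data_size = tlength;
    memcpy(img->data, file + toffset, tlength);
    *out = img;
    return THUMB_OK; /* caller frees *out */
}
```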
Affected products
SUSE Linux Enterprise Workstation Extension 15 SP1:libraw-devel-0.18.9-3.11.1
SUSE Linux Enterprise Workstation Extension 15 SP1:libraw16-0.18.9-3.11.1
SUSE Linux Enterprise Workstation Extension 15 SP2:libraw-devel-0.18.9-3.11.1
SUSE Linux Enterprise Workstation Extension 15 SP2:libraw16-0.18.9-3.11.1
References
- CVE-2020-15503
- SUSE Bug 1173674