SUSE-SU-2020:2296-1

Опубликовано: 24 авг. 2020

Источник: suse-cvrf

Описание

Security update for gettext-runtime

This update for gettext-runtime fixes the following issues:

Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629)
Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719)
Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843)

Список пакетов

Container suse/sles/15.2/virt-handler:0.38.1

gettext-runtime-0.19.8.1-4.8.1

Container suse/sles/15.2/virt-launcher:0.38.1

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-Azure-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-EC2-CHOST-HVM-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-EC2-HVM-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-GCE-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-OCI-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-Azure-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-Azure-LI-BYOS-Production

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-EC2-HVM-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-GCE-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SAP-OCI-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-Azure-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-Azure-HPC-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-CHOST-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-CHOST-BYOS-EC2

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-CHOST-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-EC2-HVM-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-GCE-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-OCI-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-Azure-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-GCE-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAP-OCI-BYOS

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP1-SAPCAL-Azure

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-SAPCAL-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP1-SAPCAL-GCE

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-Azure-Basic

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-Azure-Standard

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-BYOS-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-CHOST-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-CHOST-BYOS-EC2

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-CHOST-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-EC2-ECS-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-HPC-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-HPC-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-BYOS-Azure

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-BYOS-GCE

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-EC2-HVM

gettext-runtime-0.19.8.1-4.8.1

Image SLES15-SP2-SAP-GCE

gettext-runtime-0.19.8.1-4.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

gettext-runtime-0.19.8.1-4.8.1

gettext-runtime-32bit-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

gettext-runtime-0.19.8.1-4.8.1

gettext-runtime-32bit-0.19.8.1-4.8.1

gettext-tools-0.19.8.1-4.8.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202296-1/
Link for SUSE-SU-2020:2296-1
https://lists.suse.com/pipermail/sle-security-updates/2020-August/007288.html
E-Mail link for SUSE-SU-2020:2296-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1106843
SUSE Bug 1106843
https://bugzilla.suse.com/1113719
SUSE Bug 1113719
https://bugzilla.suse.com/941629
SUSE Bug 941629
https://www.suse.com/security/cve/CVE-2018-18751/
SUSE CVE CVE-2018-18751 page

Описание

An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.

Затронутые продукты

Container suse/sles/15.2/virt-handler:0.38.1:gettext-runtime-0.19.8.1-4.8.1

Container suse/sles/15.2/virt-launcher:0.38.1:gettext-runtime-0.19.8.1-4.8.1

Image SLES15-Azure-BYOS:gettext-runtime-0.19.8.1-4.8.1

Image SLES15-EC2-CHOST-HVM-BYOS:gettext-runtime-0.19.8.1-4.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-18751.html
CVE-2018-18751
https://bugzilla.suse.com/1113719
SUSE Bug 1113719