Описание
Security update for gettext-runtime
This update for gettext-runtime fixes the following issues:
- Fix boo941629-unnessary-rpath-on-standard-path.patch (bsc#941629)
- Added msgfmt-double-free.patch to fix a double free error (CVE-2018-18751 bsc#1113719)
- Add patch msgfmt-reset-msg-length-after-remove.patch which does reset the length of message string after a line has been removed (bsc#1106843)
Список пакетов
Container suse/sles/15.2/virt-handler:0.38.1
gettext-runtime-0.19.8.1-4.8.1
Container suse/sles/15.2/virt-launcher:0.38.1
gettext-runtime-0.19.8.1-4.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
gettext-runtime-0.19.8.1-4.8.1
gettext-runtime-32bit-0.19.8.1-4.8.1
gettext-tools-0.19.8.1-4.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
gettext-runtime-0.19.8.1-4.8.1
gettext-runtime-32bit-0.19.8.1-4.8.1
gettext-tools-0.19.8.1-4.8.1
Ссылки
- Link for SUSE-SU-2020:2296-1
- E-Mail link for SUSE-SU-2020:2296-1
- SUSE Security Ratings
- SUSE Bug 1106843
- SUSE Bug 1113719
- SUSE Bug 941629
- SUSE CVE CVE-2018-18751 page
Описание
An issue was discovered in GNU gettext 0.19.8. There is a double free in default_add_message in read-catalog.c, related to an invalid free in po_gram_parse in po-gram-gen.y, as demonstrated by lt-msgfmt.
Затронутые продукты
Container suse/sles/15.2/virt-handler:0.38.1:gettext-runtime-0.19.8.1-4.8.1
Container suse/sles/15.2/virt-launcher:0.38.1:gettext-runtime-0.19.8.1-4.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:gettext-runtime-0.19.8.1-4.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:gettext-runtime-32bit-0.19.8.1-4.8.1
Ссылки
- CVE-2018-18751
- SUSE Bug 1113719