Description
Security update for aspell
This update for aspell fixes the following security issue:
- CVE-2019-20433: Fixed a buffer over-read when processing strings ending with a single '\0' byte with ucs-2 and ucs-4 encoding (bsc#1161982).
Package list
SUSE Linux Enterprise Server 12 SP5
aspell-0.60.6.1-18.8.2
aspell-ispell-0.60.6.1-18.8.2
libaspell15-0.60.6.1-18.8.2
libaspell15-32bit-0.60.6.1-18.8.2
SUSE Linux Enterprise Server for SAP Applications 12 SP5
aspell-0.60.6.1-18.8.2
aspell-ispell-0.60.6.1-18.8.2
libaspell15-0.60.6.1-18.8.2
libaspell15-32bit-0.60.6.1-18.8.2
SUSE Linux Enterprise Software Development Kit 12 SP5
aspell-devel-0.60.6.1-18.8.2
libpspell15-0.60.6.1-18.8.2
References
- Link for SUSE-SU-2020:2807-1
- E-Mail link for SUSE-SU-2020:2807-1
- SUSE Security Ratings
- SUSE Bug 1161982
- SUSE CVE CVE-2019-20433 page
Description
libaspell.a in GNU Aspell before 0.60.8 has a buffer over-read for a string ending with a single '\0' byte, if the encoding is set to ucs-2 or ucs-4 outside of the application, as demonstrated by the ASPELL_CONF environment variable.
Affected products
SUSE Linux Enterprise Server 12 SP5:aspell-0.60.6.1-18.8.2
SUSE Linux Enterprise Server 12 SP5:aspell-ispell-0.60.6.1-18.8.2
SUSE Linux Enterprise Server 12 SP5:libaspell15-0.60.6.1-18.8.2
SUSE Linux Enterprise Server 12 SP5:libaspell15-32bit-0.60.6.1-18.8.2
References
- CVE-2019-20433
- SUSE Bug 1161982