SUSE-SU-2021:1641-1

Опубликовано: 19 мая 2021

Источник: suse-cvrf

Описание

Security update for djvulibre

This update for djvulibre fixes the following issues:

CVE-2021-32490 [bsc#1185895]: Out of bounds write in function DJVU:filter_bv() via crafted djvu file
CVE-2021-32491 [bsc#1185900]: Integer overflow in function render() in tools/ddjvu via crafted djvu file
CVE-2021-32492 [bsc#1185904]: Out of bounds read in function DJVU:DataPool:has_data() via crafted djvu file
CVE-2021-32493 [bsc#1185905]: Heap buffer overflow in function DJVU:GBitmap:decode() via crafted djvu file

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

libdjvulibre-devel-3.5.27-11.3.1

libdjvulibre21-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

libdjvulibre-devel-3.5.27-11.3.1

libdjvulibre21-3.5.27-11.3.1

SUSE Linux Enterprise Module for Package Hub 15 SP2

djvulibre-3.5.27-11.3.1

SUSE Linux Enterprise Module for Package Hub 15 SP3

djvulibre-3.5.27-11.3.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20211641-1/
Link for SUSE-SU-2021:1641-1
https://lists.suse.com/pipermail/sle-security-updates/2021-May/008792.html
E-Mail link for SUSE-SU-2021:1641-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1185895
SUSE Bug 1185895
https://bugzilla.suse.com/1185900
SUSE Bug 1185900
https://bugzilla.suse.com/1185904
SUSE Bug 1185904
https://bugzilla.suse.com/1185905
SUSE Bug 1185905
https://www.suse.com/security/cve/CVE-2021-32490/
SUSE CVE CVE-2021-32490 page
https://www.suse.com/security/cve/CVE-2021-32491/
SUSE CVE CVE-2021-32491 page
https://www.suse.com/security/cve/CVE-2021-32492/
SUSE CVE CVE-2021-32492 page
https://www.suse.com/security/cve/CVE-2021-32493/
SUSE CVE CVE-2021-32493 page

Описание

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds write in function DJVU::filter_bv() via crafted djvu file may lead to application crash and other consequences.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre21-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre21-3.5.27-11.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-32490.html
CVE-2021-32490
https://bugzilla.suse.com/1185895
SUSE Bug 1185895

Описание

A flaw was found in djvulibre-3.5.28 and earlier. An integer overflow in function render() in tools/ddjvu via crafted djvu file may lead to application crash and other consequences.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre21-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre21-3.5.27-11.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-32491.html
CVE-2021-32491
https://bugzilla.suse.com/1185900
SUSE Bug 1185900

Описание

A flaw was found in djvulibre-3.5.28 and earlier. An out of bounds read in function DJVU::DataPool::has_data() via crafted djvu file may lead to application crash and other consequences.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre21-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre21-3.5.27-11.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-32492.html
CVE-2021-32492
https://bugzilla.suse.com/1185904
SUSE Bug 1185904

Описание

A flaw was found in djvulibre-3.5.28 and earlier. A heap buffer overflow in function DJVU::GBitmap::decode() via crafted djvu file may lead to application crash and other consequences.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2:libdjvulibre21-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre-devel-3.5.27-11.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3:libdjvulibre21-3.5.27-11.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-32493.html
CVE-2021-32493
https://bugzilla.suse.com/1185905
SUSE Bug 1185905

SUSE-SU-2021:1641-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

SUSE Linux Enterprise Module for Package Hub 15 SP2

SUSE Linux Enterprise Module for Package Hub 15 SP3

Ссылки

Уязвимость: CVE-2021-32490

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-32491

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-32492

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-32493

Описание

Затронутые продукты

Ссылки