Описание
Security update for libwebp
This update for libwebp fixes the following issues:
- CVE-2018-25010: Fixed heap-based buffer overflow in ApplyFilter() (bsc#1185685).
- CVE-2020-36330: Fixed heap-based buffer overflow in ChunkVerifyAndAssign() (bsc#1185691).
- CVE-2020-36332: Fixed extreme memory allocation when reading a file (bsc#1185674).
- CVE-2020-36329: Fixed use-after-free in EmitFancyRGB() (bsc#1185652).
- CVE-2018-25012: Fixed heap-based buffer overflow in GetLE24() (bsc#1185690).
- CVE-2018-25013: Fixed heap-based buffer overflow in ShiftBytes() (bsc#1185654).
- CVE-2020-36331: Fixed heap-based buffer overflow in ChunkAssignData() (bsc#1185686).
- CVE-2018-25009: Fixed heap-based buffer overflow in GetLE16() (bsc#1185673).
- CVE-2018-25011: Fixed fail on multiple image chunks (bsc#1186247).
Список пакетов
HPE Helion OpenStack 8
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP4-LTSS
SUSE Linux Enterprise Server 12 SP5
SUSE Linux Enterprise Server for SAP Applications 12 SP3
SUSE Linux Enterprise Server for SAP Applications 12 SP4
SUSE Linux Enterprise Server for SAP Applications 12 SP5
SUSE Linux Enterprise Software Development Kit 12 SP5
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Ссылки
- Link for SUSE-SU-2021:1830-1
- E-Mail link for SUSE-SU-2021:1830-1
- SUSE Security Ratings
- SUSE Bug 1185652
- SUSE Bug 1185654
- SUSE Bug 1185673
- SUSE Bug 1185674
- SUSE Bug 1185685
- SUSE Bug 1185686
- SUSE Bug 1185690
- SUSE Bug 1185691
- SUSE Bug 1186247
- SUSE CVE CVE-2018-25009 page
- SUSE CVE CVE-2018-25010 page
- SUSE CVE CVE-2018-25011 page
- SUSE CVE CVE-2018-25012 page
- SUSE CVE CVE-2018-25013 page
- SUSE CVE CVE-2020-36329 page
- SUSE CVE CVE-2020-36330 page
- SUSE CVE CVE-2020-36331 page
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE16().
Затронутые продукты
Ссылки
- CVE-2018-25009
- SUSE Bug 1185673
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ApplyFilter().
Затронутые продукты
Ссылки
- CVE-2018-25010
- SUSE Bug 1185685
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in PutLE16().
Затронутые продукты
Ссылки
- CVE-2018-25011
- SUSE Bug 1186247
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in GetLE24().
Затронутые продукты
Ссылки
- CVE-2018-25012
- SUSE Bug 1185690
Описание
A heap-based buffer overflow was found in libwebp in versions before 1.0.1 in ShiftBytes().
Затронутые продукты
Ссылки
- CVE-2018-25013
- SUSE Bug 1185654
Описание
A flaw was found in libwebp in versions before 1.0.1. A use-after-free was found due to a thread being killed too early. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Затронутые продукты
Ссылки
- CVE-2020-36329
- SUSE Bug 1185652
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkVerifyAndAssign. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Затронутые продукты
Ссылки
- CVE-2020-36330
- SUSE Bug 1185691
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. An out-of-bounds read was found in function ChunkAssignData. The highest threat from this vulnerability is to data confidentiality and to the service availability.
Затронутые продукты
Ссылки
- CVE-2020-36331
- SUSE Bug 1185686
- SUSE Bug 1187486
Описание
A flaw was found in libwebp in versions before 1.0.1. When reading a file libwebp allocates an excessive amount of memory. The highest threat from this vulnerability is to the service availability.
Затронутые продукты
Ссылки
- CVE-2020-36332
- SUSE Bug 1185674
- SUSE Bug 1187486