Описание
Security update for libwmf
This update for libwmf fixes the following issues:
libwmf was updated to 0.2.12:
-
upstream changed to fork from Fedora: https://github.com/caolanm/libwmf
-
merged all the pending fixes
-
merge in fixes for libgd CVE-2019-6978 (bsc#1123522)
-
fixed memory allocation failure (CVE-2016-9011)
-
Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
libwmf-0_2-7-0.2.12-243.3.1
libwmf-devel-0.2.12-243.3.1
libwmf-gnome-0.2.12-243.3.1
libwmf-tools-0.2.12-243.3.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libwmf-0_2-7-0.2.12-243.3.1
Ссылки
- Link for SUSE-SU-2022:1560-1
- E-Mail link for SUSE-SU-2022:1560-1
- SUSE Security Ratings
- SUSE Bug 1006739
- SUSE Bug 1123522
- SUSE Bug 1174075
- SUSE CVE CVE-2016-9011 page
- SUSE CVE CVE-2019-6978 page
Описание
The wmf_malloc function in api.c in libwmf 0.2.8.4 allows remote attackers to cause a denial of service (application crash) via a crafted wmf file, which triggers a memory allocation failure.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-0_2-7-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-devel-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-gnome-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-tools-0.2.12-243.3.1
Ссылки
- CVE-2016-9011
- SUSE Bug 1006739
Описание
The GD Graphics Library (aka LibGD) 2.2.5 has a double free in the gdImage*Ptr() functions in gd_gif_out.c, gd_jpeg.c, and gd_wbmp.c. NOTE: PHP is unaffected.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-0_2-7-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-devel-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-gnome-0.2.12-243.3.1
SUSE Linux Enterprise Software Development Kit 12 SP5:libwmf-tools-0.2.12-243.3.1
Ссылки
- CVE-2019-6978
- SUSE Bug 1123522