exploitDog

SUSE-SU-2022:2909-1

Опубликовано: 26 авг. 2022

Источник: suse-cvrf

Описание

Security update for libcroco

This update for libcroco fixes the following issues:

CVE-2020-12825: Fixed an uncontrolled recursion issue (bsc#1171685).

Список пакетов

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-Basic-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-HPC-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-HPC-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-SAP-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-SAP-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-Standard-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-EC2-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-EC2-ECS-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-EC2-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-EC2-SAP-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-EC2-SAP-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-GCE-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-GCE-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-GCE-SAP-BYOS

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-GCE-SAP-On-Demand

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-SAP-Azure-LI-BYOS-Production

libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production

libcroco-0_6-3-0.6.11-12.6.45

SUSE Linux Enterprise Server 12 SP2-BCL

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE Linux Enterprise Server 12 SP3-BCL

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE Linux Enterprise Server 12 SP4-LTSS

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE Linux Enterprise Server 12 SP5

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE Linux Enterprise Software Development Kit 12 SP5

libcroco-0.6.11-12.6.45

libcroco-devel-0.6.11-12.6.45

SUSE OpenStack Cloud 9

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

SUSE OpenStack Cloud Crowbar 9

libcroco-0_6-3-0.6.11-12.6.45

libcroco-0_6-3-32bit-0.6.11-12.6.45

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222909-1/
Link for SUSE-SU-2022:2909-1
https://lists.suse.com/pipermail/sle-security-updates/2022-August/012001.html
E-Mail link for SUSE-SU-2022:2909-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1171685
SUSE Bug 1171685
https://www.suse.com/security/cve/CVE-2020-12825/
SUSE CVE CVE-2020-12825 page

Описание

libcroco through 0.6.13 has excessive recursion in cr_parser_parse_any_core in cr-parser.c, leading to stack consumption.

Затронутые продукты

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-BYOS:libcroco-0_6-3-0.6.11-12.6.45

Image SLES12-SP5-Azure-Basic-On-Demand:libcroco-0_6-3-0.6.11-12.6.45

Ссылки

https://www.suse.com/security/cve/CVE-2020-12825.html
CVE-2020-12825
https://bugzilla.suse.com/1171685
SUSE Bug 1171685
https://bugzilla.suse.com/1203730
SUSE Bug 1203730
https://bugzilla.suse.com/1208647
SUSE Bug 1208647