exploitDog

SUSE-SU-2022:3456-1

Опубликовано: 28 сент. 2022

Источник: suse-cvrf

Описание

Security update for libostree

This update for libostree fixes the following issues:

CVE-2014-9862: Fixed arbitrary write on heap vulnerability (bsc#1201770).

Список пакетов

SUSE Enterprise Storage 7

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP3

libostree-1-1-2020.8-150200.3.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP3

libostree-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Linux Enterprise Server 15 SP2-BCL

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Linux Enterprise Server 15 SP2-LTSS

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Manager Proxy 4.1

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Manager Retail Branch Server 4.1

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

SUSE Manager Server 4.1

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

openSUSE Leap 15.3

libostree-2020.8-150200.3.6.1

libostree-1-1-2020.8-150200.3.6.1

libostree-devel-2020.8-150200.3.6.1

libostree-grub2-2020.8-150200.3.6.1

typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223456-1/
Link for SUSE-SU-2022:3456-1
https://lists.suse.com/pipermail/sle-security-updates/2022-September/012445.html
E-Mail link for SUSE-SU-2022:3456-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1201770
SUSE Bug 1201770
https://www.suse.com/security/cve/CVE-2014-9862/
SUSE CVE CVE-2014-9862 page

Описание

Integer signedness error in bspatch.c in bspatch in bsdiff, as used in Apple OS X before 10.11.6 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (heap-based buffer overflow) via a crafted patch file.

Затронутые продукты

SUSE Enterprise Storage 7:libostree-1-1-2020.8-150200.3.6.1

SUSE Enterprise Storage 7:libostree-2020.8-150200.3.6.1

SUSE Enterprise Storage 7:libostree-devel-2020.8-150200.3.6.1

SUSE Enterprise Storage 7:typelib-1_0-OSTree-1_0-2020.8-150200.3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2014-9862.html
CVE-2014-9862
https://bugzilla.suse.com/1173974
SUSE Bug 1173974
https://bugzilla.suse.com/1201770
SUSE Bug 1201770
https://bugzilla.suse.com/990660
SUSE Bug 990660