
exploitDog

SUSE-SU-2023:3527-1

Published: 05 Sep 2023
Source: suse-cvrf

Description

Security update for gsl

This update for gsl fixes the following issues:

  • CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681)

Package list

SUSE Linux Enterprise Workstation Extension 15 SP4
libgsl23-2.4-150100.9.4.1
SUSE Linux Enterprise Workstation Extension 15 SP5
libgsl23-2.4-150100.9.4.1
openSUSE Leap 15.4
gsl_2_4-gnu-hpc-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-devel-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-doc-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-examples-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-module-2.4-150100.9.4.1
libgsl23-2.4-150100.9.4.1
libgsl_2_4-gnu-hpc-2.4-150100.9.4.1
libgslcblas_2_4-gnu-hpc-2.4-150100.9.4.1
openSUSE Leap 15.5
gsl_2_4-gnu-hpc-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-devel-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-doc-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-examples-2.4-150100.9.4.1
gsl_2_4-gnu-hpc-module-2.4-150100.9.4.1
libgsl_2_4-gnu-hpc-2.4-150100.9.4.1
libgslcblas_2_4-gnu-hpc-2.4-150100.9.4.1

Description

A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.


Affected products
SUSE Linux Enterprise Workstation Extension 15 SP4:libgsl23-2.4-150100.9.4.1
SUSE Linux Enterprise Workstation Extension 15 SP5:libgsl23-2.4-150100.9.4.1
openSUSE Leap 15.4:gsl_2_4-gnu-hpc-2.4-150100.9.4.1
openSUSE Leap 15.4:gsl_2_4-gnu-hpc-devel-2.4-150100.9.4.1

Links