Description
Security update for gsl
This update for gsl fixes the following issues:
- CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681)
Package list
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
gsl-devel-2.6-150200.3.4.3
libgsl25-2.6-150200.3.4.3
libgslcblas0-2.6-150200.3.4.3
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
gsl-devel-2.6-150200.3.4.3
libgsl25-2.6-150200.3.4.3
libgslcblas0-2.6-150200.3.4.3
SUSE Linux Enterprise Module for Package Hub 15 SP4
libgslcblas0-2.6-150200.3.4.3
SUSE Linux Enterprise Module for Package Hub 15 SP5
libgslcblas0-2.6-150200.3.4.3
openSUSE Leap 15.4
gsl-2.6-150200.3.4.3
gsl-devel-2.6-150200.3.4.3
gsl-doc-2.6-150200.3.4.3
gsl-examples-2.6-150200.3.4.3
gsl-gnu-hpc-2.6-150200.3.4.3
gsl-gnu-hpc-devel-2.6-150200.3.4.3
gsl-gnu-hpc-doc-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-devel-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-doc-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-examples-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-module-2.6-150200.3.4.3
libgsl-gnu-hpc-2.6-150200.3.4.3
libgsl25-2.6-150200.3.4.3
libgsl_2_6-gnu-hpc-2.6-150200.3.4.3
libgslcblas-gnu-hpc-2.6-150200.3.4.3
libgslcblas0-2.6-150200.3.4.3
libgslcblas_2_6-gnu-hpc-2.6-150200.3.4.3
openSUSE Leap 15.5
gsl-2.6-150200.3.4.3
gsl-devel-2.6-150200.3.4.3
gsl-doc-2.6-150200.3.4.3
gsl-examples-2.6-150200.3.4.3
gsl-gnu-hpc-2.6-150200.3.4.3
gsl-gnu-hpc-devel-2.6-150200.3.4.3
gsl-gnu-hpc-doc-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-devel-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-doc-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-examples-2.6-150200.3.4.3
gsl_2_6-gnu-hpc-module-2.6-150200.3.4.3
libgsl-gnu-hpc-2.6-150200.3.4.3
libgsl25-2.6-150200.3.4.3
libgsl_2_6-gnu-hpc-2.6-150200.3.4.3
libgslcblas-gnu-hpc-2.6-150200.3.4.3
libgslcblas0-2.6-150200.3.4.3
libgslcblas_2_6-gnu-hpc-2.6-150200.3.4.3
References
- Link for SUSE-SU-2023:3858-1
- E-Mail link for SUSE-SU-2023:3858-1
- SUSE Security Ratings
- SUSE Bug 1214681
- SUSE CVE CVE-2020-35357 page
Description
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
Affected products
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:gsl-devel-2.6-150200.3.4.3
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libgsl25-2.6-150200.3.4.3
SUSE Linux Enterprise Module for Desktop Applications 15 SP4:libgslcblas0-2.6-150200.3.4.3
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:gsl-devel-2.6-150200.3.4.3
References
- CVE-2020-35357
- SUSE Bug 1214681