Описание
Security update for gsl
This update for gsl fixes the following issues:
- CVE-2020-35357: Fixed a stack out of bounds read in gsl_stats_quantile_from_sorted_data(). (bsc#1214681)
Список пакетов
SUSE Linux Enterprise Software Development Kit 12 SP5
gsl-1.16-5.4.1
gsl-devel-1.16-5.4.1
SUSE Linux Enterprise Workstation Extension 12 SP5
gsl-1.16-5.4.1
Ссылки
- Link for SUSE-SU-2023:4051-1
- E-Mail link for SUSE-SU-2023:4051-1
- SUSE Security Ratings
- SUSE Bug 1214681
- SUSE CVE CVE-2020-35357 page
Описание
A buffer overflow can occur when calculating the quantile value using the Statistics Library of GSL (GNU Scientific Library), versions 2.5 and 2.6. Processing a maliciously crafted input data for gsl_stats_quantile_from_sorted_data of the library may lead to unexpected application termination or arbitrary code execution.
Затронутые продукты
SUSE Linux Enterprise Software Development Kit 12 SP5:gsl-1.16-5.4.1
SUSE Linux Enterprise Software Development Kit 12 SP5:gsl-devel-1.16-5.4.1
SUSE Linux Enterprise Workstation Extension 12 SP5:gsl-1.16-5.4.1
Ссылки
- CVE-2020-35357
- SUSE Bug 1214681