Description
Security update for libcue
This update for libcue fixes the following issues:
- CVE-2023-43641: Fixed a buffer overflow while parsing a malicious file (bsc#1215728).
Package list
SUSE Enterprise Storage 7.1
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP4
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Server 15 SP2-LTSS
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Server 15 SP3-LTSS
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP4
libcue-devel-2.1.0-150000.3.3.1
SUSE Linux Enterprise Workstation Extension 15 SP5
libcue-devel-2.1.0-150000.3.3.1
References
- Link for SUSE-SU-2023:4090-1
- E-Mail link for SUSE-SU-2023:4090-1
- SUSE Security Ratings
- SUSE Bug 1215728
- SUSE CVE CVE-2023-43641 page
Description
libcue provides an API for parsing and extracting data from CUE sheets. Versions 2.2.1 and prior are vulnerable to out-of-bounds array access. A user of the GNOME desktop environment can be exploited by downloading a cue sheet from a malicious webpage. Because the file is saved to `~/Downloads`, it is then automatically scanned by tracker-miners. And because it has a .cue filename extension, tracker-miners use libcue to parse the file. The file exploits the vulnerability in libcue to gain code execution. This issue is patched in version 2.3.0.
Affected products
SUSE Enterprise Storage 7.1:libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:libcue2-2.1.0-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:libcue2-2.1.0-150000.3.3.1
References
- CVE-2023-43641
- SUSE Bug 1215728