SUSE-SU-2024:1860-1

Опубликовано: 30 мая 2024

Источник: suse-cvrf

Описание

Security update for uriparser

This update for uriparser fixes the following issues:

CVE-2024-34402: Fixed integer overflow protection in ComposeQueryEngine (bsc#1223887).
CVE-2024-34403: Fixed integer overflow protection in ComposeQueryMallocExMm (bsc#1223888).

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP5

liburiparser1-0.8.5-150000.3.8.1

uriparser-0.8.5-150000.3.8.1

uriparser-devel-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP6

liburiparser1-0.8.5-150000.3.8.1

uriparser-0.8.5-150000.3.8.1

uriparser-devel-0.8.5-150000.3.8.1

openSUSE Leap 15.5

liburiparser1-0.8.5-150000.3.8.1

liburiparser1-32bit-0.8.5-150000.3.8.1

uriparser-0.8.5-150000.3.8.1

uriparser-devel-0.8.5-150000.3.8.1

openSUSE Leap 15.6

liburiparser1-0.8.5-150000.3.8.1

liburiparser1-32bit-0.8.5-150000.3.8.1

uriparser-0.8.5-150000.3.8.1

uriparser-devel-0.8.5-150000.3.8.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20241860-1/
Link for SUSE-SU-2024:1860-1
https://lists.suse.com/pipermail/sle-security-updates/2024-August/019254.html
E-Mail link for SUSE-SU-2024:1860-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1223887
SUSE Bug 1223887
https://bugzilla.suse.com/1223888
SUSE Bug 1223888
https://www.suse.com/security/cve/CVE-2024-34402/
SUSE CVE CVE-2024-34402 page
https://www.suse.com/security/cve/CVE-2024-34403/
SUSE CVE CVE-2024-34403 page

Описание

An issue was discovered in uriparser through 0.9.7. ComposeQueryEngine in UriQuery.c has an integer overflow via long keys or values, with a resultant buffer overflow.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP5:liburiparser1-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP5:uriparser-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP5:uriparser-devel-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:liburiparser1-0.8.5-150000.3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-34402.html
CVE-2024-34402
https://bugzilla.suse.com/1223887
SUSE Bug 1223887

Описание

An issue was discovered in uriparser through 0.9.7. ComposeQueryMallocExMm in UriQuery.c has an integer overflow via a long string.

Затронутые продукты

SUSE Linux Enterprise Module for Package Hub 15 SP5:liburiparser1-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP5:uriparser-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP5:uriparser-devel-0.8.5-150000.3.8.1

SUSE Linux Enterprise Module for Package Hub 15 SP6:liburiparser1-0.8.5-150000.3.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-34403.html
CVE-2024-34403
https://bugzilla.suse.com/1223888
SUSE Bug 1223888

SUSE-SU-2024:1860-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Package Hub 15 SP5

SUSE Linux Enterprise Module for Package Hub 15 SP6

openSUSE Leap 15.5

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-34402

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-34403

Описание

Затронутые продукты

Ссылки