SUSE-SU-2024:3538-1

Опубликовано: 07 окт. 2024

Источник: suse-cvrf

Описание

Security update for mozjs115

This update for mozjs115 fixes the following issues:

CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

libmozjs-115-0-115.4.0-150600.3.3.1

mozjs115-devel-115.4.0-150600.3.3.1

openSUSE Leap 15.6

libmozjs-115-0-115.4.0-150600.3.3.1

mozjs115-115.4.0-150600.3.3.1

mozjs115-devel-115.4.0-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20243538-1/
Link for SUSE-SU-2024:3538-1
https://lists.suse.com/pipermail/sle-security-updates/2024-October/019556.html
E-Mail link for SUSE-SU-2024:3538-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1230036
SUSE Bug 1230036
https://bugzilla.suse.com/1230037
SUSE Bug 1230037
https://bugzilla.suse.com/1230038
SUSE Bug 1230038
https://www.suse.com/security/cve/CVE-2024-45490/
SUSE CVE CVE-2024-45490 page
https://www.suse.com/security/cve/CVE-2024-45491/
SUSE CVE CVE-2024-45491 page
https://www.suse.com/security/cve/CVE-2024-45492/
SUSE CVE CVE-2024-45492 page

Описание

An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1

openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1

openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-45490.html
CVE-2024-45490
https://bugzilla.suse.com/1229930
SUSE Bug 1229930

Описание

An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1

openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1

openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-45491.html
CVE-2024-45491
https://bugzilla.suse.com/1229930
SUSE Bug 1229930
https://bugzilla.suse.com/1229931
SUSE Bug 1229931

Описание

An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).

Затронутые продукты

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:libmozjs-115-0-115.4.0-150600.3.3.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP6:mozjs115-devel-115.4.0-150600.3.3.1

openSUSE Leap 15.6:libmozjs-115-0-115.4.0-150600.3.3.1

openSUSE Leap 15.6:mozjs115-115.4.0-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-45492.html
CVE-2024-45492
https://bugzilla.suse.com/1229930
SUSE Bug 1229930
https://bugzilla.suse.com/1229932
SUSE Bug 1229932

SUSE-SU-2024:3538-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Desktop Applications 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-45490

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-45491

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2024-45492

Описание

Затронутые продукты

Ссылки