Описание
Security update for mozjs78
This update for mozjs78 fixes the following issues:
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer in embedded expat (bnc#1230036)
- CVE-2024-45491: Fixed integer overflow in dtdCopy in embedded expat (bnc#1230037)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart in embedded expat (bnc#1230038)
Список пакетов
SUSE Linux Enterprise Module for Desktop Applications 15 SP5
libmozjs-78-0-78.15.0-150400.3.6.2
mozjs78-devel-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP5
libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP6
libmozjs-78-0-78.15.0-150400.3.6.2
openSUSE Leap 15.5
libmozjs-78-0-78.15.0-150400.3.6.2
mozjs78-78.15.0-150400.3.6.2
mozjs78-devel-78.15.0-150400.3.6.2
openSUSE Leap 15.6
libmozjs-78-0-78.15.0-150400.3.6.2
mozjs78-78.15.0-150400.3.6.2
mozjs78-devel-78.15.0-150400.3.6.2
Ссылки
- Link for SUSE-SU-2024:3554-1
- E-Mail link for SUSE-SU-2024:3554-1
- SUSE Security Ratings
- SUSE Bug 1230036
- SUSE Bug 1230037
- SUSE Bug 1230038
- SUSE CVE CVE-2024-45490 page
- SUSE CVE CVE-2024-45491 page
- SUSE CVE CVE-2024-45492 page
Описание
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2
Ссылки
- CVE-2024-45490
- SUSE Bug 1229930
Описание
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2
Ссылки
- CVE-2024-45491
- SUSE Bug 1229930
- SUSE Bug 1229931
Описание
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Desktop Applications 15 SP5:mozjs78-devel-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP5:libmozjs-78-0-78.15.0-150400.3.6.2
SUSE Linux Enterprise Module for Package Hub 15 SP6:libmozjs-78-0-78.15.0-150400.3.6.2
Ссылки
- CVE-2024-45492
- SUSE Bug 1229930
- SUSE Bug 1229932