Описание
Security update for mozjs52
This update for mozjs52 fixes the following issues:
- CVE-2024-45491: Fixed integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-50602: Fixed DoS via XML_ResumeParser (bsc#1232599)
- CVE-2024-45492: Fixed integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45490: Fixed negative len for XML_ParseBuffer (bsc#1230036)
Список пакетов
SUSE Linux Enterprise Module for Package Hub 15 SP7
libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6
libmozjs-52-52.6.0-150000.3.9.1
mozjs52-52.6.0-150000.3.9.1
mozjs52-devel-52.6.0-150000.3.9.1
Ссылки
- Link for SUSE-SU-2025:4512-1
- E-Mail link for SUSE-SU-2025:4512-1
- SUSE Security Ratings
- SUSE Bug 1230036
- SUSE Bug 1230037
- SUSE Bug 1230038
- SUSE Bug 1232599
- SUSE CVE CVE-2024-45490 page
- SUSE CVE CVE-2024-45491 page
- SUSE CVE CVE-2024-45492 page
- SUSE CVE CVE-2024-50602 page
Описание
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1
Ссылки
- CVE-2024-45490
- SUSE Bug 1229930
- SUSE Bug 1229962
Описание
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1
Ссылки
- CVE-2024-45491
- SUSE Bug 1229930
- SUSE Bug 1229931
Описание
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1
Ссылки
- CVE-2024-45492
- SUSE Bug 1229930
- SUSE Bug 1229932
- SUSE Bug 1229964
Описание
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Затронутые продукты
SUSE Linux Enterprise Module for Package Hub 15 SP7:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:libmozjs-52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-52.6.0-150000.3.9.1
openSUSE Leap 15.6:mozjs52-devel-52.6.0-150000.3.9.1
Ссылки
- CVE-2024-50602
- SUSE Bug 1232579