Описание
Security update for mozjs60
This update for mozjs60 fixes the following issues:
- CVE-2024-45492: embedded expat: detect integer overflow in function nextScaffoldPart (bsc#1230038)
- CVE-2024-45491: embedded expat: detect integer overflow in dtdCopy (bsc#1230037)
- CVE-2024-45490: embedded expat: reject negative len for XML_ParseBuffer (bsc#1230036)
- CVE-2024-50602: libexpat: DoS via XML_ResumeParser (bsc#1232602)
Список пакетов
SUSE Linux Enterprise Micro 5.2
libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.3
libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.4
libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7
libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Module for Desktop Applications 15 SP7
mozjs60-devel-60.9.0-150200.6.8.1
openSUSE Leap 15.6
libmozjs-60-60.9.0-150200.6.8.1
mozjs60-60.9.0-150200.6.8.1
mozjs60-devel-60.9.0-150200.6.8.1
Ссылки
- Link for SUSE-SU-2026:0044-1
- E-Mail link for SUSE-SU-2026:0044-1
- SUSE Security Ratings
- SUSE Bug 1230036
- SUSE Bug 1230037
- SUSE Bug 1230038
- SUSE Bug 1232602
- SUSE CVE CVE-2024-45490 page
- SUSE CVE CVE-2024-45491 page
- SUSE CVE CVE-2024-45492 page
- SUSE CVE CVE-2024-50602 page
Описание
An issue was discovered in libexpat before 2.6.3. xmlparse.c does not reject a negative length for XML_ParseBuffer.
Затронутые продукты
SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1
Ссылки
- CVE-2024-45490
- SUSE Bug 1229930
- SUSE Bug 1229962
Описание
An issue was discovered in libexpat before 2.6.3. dtdCopy in xmlparse.c can have an integer overflow for nDefaultAtts on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1
Ссылки
- CVE-2024-45491
- SUSE Bug 1229930
- SUSE Bug 1229931
Описание
An issue was discovered in libexpat before 2.6.3. nextScaffoldPart in xmlparse.c can have an integer overflow for m_groupSize on 32-bit platforms (where UINT_MAX equals SIZE_MAX).
Затронутые продукты
SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1
Ссылки
- CVE-2024-45492
- SUSE Bug 1229930
- SUSE Bug 1229932
- SUSE Bug 1229964
Описание
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Затронутые продукты
SUSE Linux Enterprise Micro 5.2:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.3:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Micro 5.4:libmozjs-60-60.9.0-150200.6.8.1
SUSE Linux Enterprise Module for Basesystem 15 SP7:libmozjs-60-60.9.0-150200.6.8.1
Ссылки
- CVE-2024-50602
- SUSE Bug 1232579