openSUSE-SU-2016:2888-1

Опубликовано: 23 нояб. 2016

Источник: suse-cvrf

Описание

Security update for gnuchess

This update for gnuchess fixes a security issue:

CVE-2015-8972: specially crafted user input may have caused gnuchess to crash (boo#1010143)

Список пакетов

openSUSE Leap 42.1

gnuchess-6.2.1-5.1

openSUSE Leap 42.2

gnuchess-6.2.1-5.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-11/msg00105.html
E-Mail link for openSUSE-SU-2016:2888-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Stack-based buffer overflow in the ValidateMove function in frontend/move.cc in GNU Chess (aka gnuchess) before 6.2.4 might allow context-dependent attackers to execute arbitrary code via a large input, as demonstrated when in UCI mode.

Затронутые продукты

openSUSE Leap 42.1:gnuchess-6.2.1-5.1

openSUSE Leap 42.2:gnuchess-6.2.1-5.1

Ссылки

https://www.suse.com/security/cve/CVE-2015-8972.html
CVE-2015-8972
https://bugzilla.suse.com/1010143
SUSE Bug 1010143

openSUSE-SU-2016:2888-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2015-8972

Описание

Затронутые продукты

Ссылки