openSUSE-SU-2017:0820-1

Опубликовано: 27 мар. 2017

Источник: suse-cvrf

Описание

Security update for partclone

This update for partclone fixes the following minor security issue:

CVE-2017-6596: A malicious user could have exploited a heap-based buffer overflow vulnerability by supplying a specially crafted image to cause a denial of service (boo#1028904)

The following non-security changes are included:

Support for fuse

Список пакетов

openSUSE Leap 42.1

partclone-0.3.5a-2.3.1

partclone-lang-0.3.5a-2.3.1

openSUSE Leap 42.2

partclone-0.3.5a-2.3.1

partclone-lang-0.3.5a-2.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-03/msg00085.html
E-Mail link for openSUSE-SU-2017:0820-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

partclone.chkimg in partclone 0.2.89 is prone to a heap-based buffer overflow vulnerability due to insufficient validation of the partclone image header. An attacker may be able to launch a 'Denial of Service attack' in the context of the user running the affected application.

Затронутые продукты

openSUSE Leap 42.1:partclone-0.3.5a-2.3.1

openSUSE Leap 42.1:partclone-lang-0.3.5a-2.3.1

openSUSE Leap 42.2:partclone-0.3.5a-2.3.1

openSUSE Leap 42.2:partclone-lang-0.3.5a-2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-6596.html
CVE-2017-6596
https://bugzilla.suse.com/1028904
SUSE Bug 1028904

openSUSE-SU-2017:0820-1

Описание

Список пакетов

openSUSE Leap 42.1

openSUSE Leap 42.2

Ссылки

Уязвимость: CVE-2017-6596

Описание

Затронутые продукты

Ссылки