Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2017:2347-1

Опубликовано: 04 сент. 2017
Источник: suse-cvrf

Описание

Security update for pspp

This update for pspp fixes the following issues:

  • CVE-2017-12958: Illegal address access in function output_hex() could lead to denial of service or unexpected state (boo#1054585)
  • CVE-2017-12959: Assertion in function dict_add_mrset() could lead to denial of service (boo#1054588)
  • CVE-2017-12960: Assertion in function dict_rename_var() could lead to denial of service (boo#1054587)
  • CVE-2017-12961: Assertion in function parse_attributes() could lead to denial of service (boo#1054586)

Список пакетов

openSUSE Leap 42.2
pspp-1.0.1-8.1
pspp-devel-1.0.1-8.1
openSUSE Leap 42.3
pspp-1.0.1-8.1
pspp-devel-1.0.1-8.1

Ссылки

Описание

There is an Integer overflow in the hash_int function of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:pspp-1.0.1-8.1
openSUSE Leap 42.2:pspp-devel-1.0.1-8.1
openSUSE Leap 42.3:pspp-1.0.1-8.1
openSUSE Leap 42.3:pspp-devel-1.0.1-8.1
Ссылки

Описание

There is a NULL Pointer Dereference in the function ll_insert() of the libpspp library in GNU PSPP before 0.11.0. For example, a crash was observed within the library code when attempting to convert invalid SPSS data into CSV format. A crafted input will lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:pspp-1.0.1-8.1
openSUSE Leap 42.2:pspp-devel-1.0.1-8.1
openSUSE Leap 42.3:pspp-1.0.1-8.1
openSUSE Leap 42.3:pspp-devel-1.0.1-8.1
Ссылки

Описание

There is an illegal address access in the function output_hex() in data/data-out.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

Затронутые продукты
openSUSE Leap 42.2:pspp-1.0.1-8.1
openSUSE Leap 42.2:pspp-devel-1.0.1-8.1
openSUSE Leap 42.3:pspp-1.0.1-8.1
openSUSE Leap 42.3:pspp-devel-1.0.1-8.1
Ссылки

Описание

There is a reachable assertion abort in the function dict_add_mrset() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to a remote denial of service attack.

Затронутые продукты
openSUSE Leap 42.2:pspp-1.0.1-8.1
openSUSE Leap 42.2:pspp-devel-1.0.1-8.1
openSUSE Leap 42.3:pspp-1.0.1-8.1
openSUSE Leap 42.3:pspp-devel-1.0.1-8.1
Ссылки

Описание

There is a reachable assertion abort in the function dict_rename_var() in data/dictionary.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

Затронутые продукты
openSUSE Leap 42.2:pspp-1.0.1-8.1
openSUSE Leap 42.2:pspp-devel-1.0.1-8.1
openSUSE Leap 42.3:pspp-1.0.1-8.1
openSUSE Leap 42.3:pspp-devel-1.0.1-8.1
Ссылки

Описание

There is an assertion abort in the function parse_attributes() in data/sys-file-reader.c of the libpspp library in GNU PSPP before 1.0.1 that will lead to remote denial of service.

Затронутые продукты
openSUSE Leap 42.2:pspp-1.0.1-8.1
openSUSE Leap 42.2:pspp-devel-1.0.1-8.1
openSUSE Leap 42.3:pspp-1.0.1-8.1
openSUSE Leap 42.3:pspp-devel-1.0.1-8.1
Ссылки
Уязвимость openSUSE-SU-2017:2347-1