Описание
Security update for libraw
This update for libraw fixes the following issues:
Security issue fixed:
- CVE-2017-14265: A stack based buffer overflow in the xtrans_interpolate function was fixed. [boo#1060163]
- CVE-2017-13735: A floating point exception in the kodak_radc_load_raw function was fixed which could have lead to aborts of programs using libraw on reading malicious files. [bsc#1060321]
Список пакетов
openSUSE Leap 42.2
libraw-0.17.1-11.1
libraw-devel-0.17.1-11.1
libraw-devel-static-0.17.1-11.1
libraw-tools-0.17.1-11.1
libraw15-0.17.1-11.1
openSUSE Leap 42.3
libraw-0.17.1-11.1
libraw-devel-0.17.1-11.1
libraw-devel-static-0.17.1-11.1
libraw-tools-0.17.1-11.1
libraw15-0.17.1-11.1
Ссылки
- E-Mail link for openSUSE-SU-2017:2638-1
- SUSE Security Ratings
Описание
There is a floating point exception in the kodak_radc_load_raw function in dcraw_common.cpp in LibRaw 0.18.2. It will lead to a remote denial of service attack.
Затронутые продукты
openSUSE Leap 42.2:libraw-0.17.1-11.1
openSUSE Leap 42.2:libraw-devel-0.17.1-11.1
openSUSE Leap 42.2:libraw-devel-static-0.17.1-11.1
openSUSE Leap 42.2:libraw-tools-0.17.1-11.1
Ссылки
- CVE-2017-13735
- SUSE Bug 1056170
- SUSE Bug 1060321
Описание
A Stack-based Buffer Overflow was discovered in xtrans_interpolate in internal/dcraw_common.cpp in LibRaw before 0.18.3. It could allow a remote denial of service or code execution attack.
Затронутые продукты
openSUSE Leap 42.2:libraw-0.17.1-11.1
openSUSE Leap 42.2:libraw-devel-0.17.1-11.1
openSUSE Leap 42.2:libraw-devel-static-0.17.1-11.1
openSUSE Leap 42.2:libraw-tools-0.17.1-11.1
Ссылки
- CVE-2017-14265
- SUSE Bug 1060163
- SUSE Bug 1084688
- SUSE Bug 1084690
- SUSE Bug 1084691