openSUSE-SU-2017:2766-1

Опубликовано: 18 окт. 2017

Источник: suse-cvrf

Описание

Security update for upx

This update for upx fixes the following security issue:

CVE-2017-15056: specially crafted package may have caused a denial of service (boo#1062059)

In addition upx was updated to 3.94, with the following improvements:

Support for aarch64).
Support for --lzma compression on 64-bit PowerPC

Список пакетов

openSUSE Leap 42.2

upx-3.94-9.1

openSUSE Leap 42.3

upx-3.94-9.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2017-10/msg00065.html
E-Mail link for openSUSE-SU-2017:2766-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

p_lx_elf.cpp in UPX 3.94 mishandles ELF headers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted binary file, as demonstrated by an Invalid Pointer Read in PackLinuxElf64::unpack().

Затронутые продукты

openSUSE Leap 42.2:upx-3.94-9.1

openSUSE Leap 42.3:upx-3.94-9.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-15056.html
CVE-2017-15056
https://bugzilla.suse.com/1062059
SUSE Bug 1062059

openSUSE-SU-2017:2766-1

Описание

Список пакетов

openSUSE Leap 42.2

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-15056

Описание

Затронутые продукты

Ссылки