openSUSE-SU-2018:0429-1

Опубликовано: 12 фев. 2018

Источник: suse-cvrf

Описание

Security update for leptonica

This update for leptonica fixes the following issues:

CVE-2018-3836: Fixes a command injection vulnerability (boo#1079358 TALOS-2018-0516)

Список пакетов

openSUSE Leap 42.3

leptonica-1.72-6.1

leptonica-devel-1.72-6.1

leptonica-tools-1.72-6.1

liblept4-1.72-6.1

liblept4-32bit-1.72-6.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-02/msg00018.html
E-Mail link for openSUSE-SU-2018:0429-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

An exploitable command injection vulnerability exists in the gplotMakeOutput function of Leptonica 1.74.4. A specially crafted gplot rootname argument can cause a command injection resulting in arbitrary code execution. An attacker can provide a malicious path as input to an application that passes attacker data to this function to trigger this vulnerability.

Затронутые продукты

openSUSE Leap 42.3:leptonica-1.72-6.1

openSUSE Leap 42.3:leptonica-devel-1.72-6.1

openSUSE Leap 42.3:leptonica-tools-1.72-6.1

openSUSE Leap 42.3:liblept4-1.72-6.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-3836.html
CVE-2018-3836
https://bugzilla.suse.com/1079358
SUSE Bug 1079358
https://bugzilla.suse.com/1082747
SUSE Bug 1082747

openSUSE-SU-2018:0429-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-3836

Описание

Затронутые продукты

Ссылки