openSUSE-SU-2018:0504-1

Опубликовано: 21 фев. 2018

Источник: suse-cvrf

Описание

Security update for libXcursor

This update for libXcursor fixes the following issues:

CVE-2017-16612: It is possible to trigger heap overflows due to an integer overflow while parsing images and a signedness issue while parsing comments. (boo#1065386)

Список пакетов

openSUSE Leap 42.3

libXcursor-1.1.14-10.3.1

libXcursor-devel-1.1.14-10.3.1

libXcursor-devel-32bit-1.1.14-10.3.1

libXcursor1-1.1.14-10.3.1

libXcursor1-32bit-1.1.14-10.3.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2018-02/msg00087.html
E-Mail link for openSUSE-SU-2018:0504-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

libXcursor before 1.1.15 has various integer overflows that could lead to heap buffer overflows when processing malicious cursors, e.g., with programs like GIMP. It is also possible that an attack vector exists against the related code in cursor/xcursor.c in Wayland through 1.14.0.

Затронутые продукты

openSUSE Leap 42.3:libXcursor-1.1.14-10.3.1

openSUSE Leap 42.3:libXcursor-devel-1.1.14-10.3.1

openSUSE Leap 42.3:libXcursor-devel-32bit-1.1.14-10.3.1

openSUSE Leap 42.3:libXcursor1-1.1.14-10.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2017-16612.html
CVE-2017-16612
https://bugzilla.suse.com/1065386
SUSE Bug 1065386
https://bugzilla.suse.com/1159415
SUSE Bug 1159415

openSUSE-SU-2018:0504-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2017-16612

Описание

Затронутые продукты

Ссылки