openSUSE-SU-2018:1038-1

Опубликовано: 20 апр. 2018

Источник: suse-cvrf

Описание

Security update for cfitsio

This update for cfitsio fixes the following issues:

Security issues fixed:

CVE-2018-1000166: Unsafe use of sprintf() can allow a remote unauthenticated attacker to execute arbitrary code (boo#1088590)

This update to version 3.430 also contains a number of upstream bug fixes.

The following tracked packaging changes are included:

boo#1082318: package licence text as license, not as documentation

Список пакетов

openSUSE Leap 42.3

cfitsio-3.430-4.3.1

cfitsio-devel-3.430-4.3.1

cfitsio-devel-doc-3.430-4.3.1

libcfitsio5-3.430-4.3.1

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2018-04/msg00062.html
E-Mail link for openSUSE-SU-2018:1038-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2018-3848 and CVE-2018-3849. Reason: This candidate is a reservation duplicate of CVE-2018-3848 and CVE-2018-3849. Notes: All CVE users should reference CVE-2018-3848 and CVE-2018-3849 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Затронутые продукты

openSUSE Leap 42.3:cfitsio-3.430-4.3.1

openSUSE Leap 42.3:cfitsio-devel-3.430-4.3.1

openSUSE Leap 42.3:cfitsio-devel-doc-3.430-4.3.1

openSUSE Leap 42.3:libcfitsio5-3.430-4.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2018-1000166.html
CVE-2018-1000166
https://bugzilla.suse.com/1088590
SUSE Bug 1088590

openSUSE-SU-2018:1038-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2018-1000166

Описание

Затронутые продукты

Ссылки