Описание
Security update for discount
This update for discount to version 2.2.4 fixes the following issues:
Security issues fixed:
- CVE-2018-11468: Fixed a heap-based buffer over-read in the __mkd_trim_line function from mkdio.c (boo#1094809)
- CVE-2018-12495: Fixed a heap-based buffer over-read via a crafted file (boo#1098252)
Список пакетов
SUSE Package Hub 15
discount-2.2.4-bp150.3.3.1
libmarkdown-devel-2.2.4-bp150.3.3.1
libmarkdown2-2.2.4-bp150.3.3.1
openSUSE Leap 15.0
discount-2.2.4-bp150.3.3.1
libmarkdown-devel-2.2.4-bp150.3.3.1
libmarkdown2-2.2.4-bp150.3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:0019-1
- SUSE Security Ratings
- SUSE Bug 1094809
- SUSE Bug 1098252
- SUSE CVE CVE-2018-11468 page
- SUSE CVE CVE-2018-12495 page
Описание
The __mkd_trim_line function in mkdio.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file, as demonstrated by mkd2html.
Затронутые продукты
SUSE Package Hub 15:discount-2.2.4-bp150.3.3.1
SUSE Package Hub 15:libmarkdown-devel-2.2.4-bp150.3.3.1
SUSE Package Hub 15:libmarkdown2-2.2.4-bp150.3.3.1
openSUSE Leap 15.0:discount-2.2.4-bp150.3.3.1
Ссылки
- CVE-2018-11468
- SUSE Bug 1094809
Описание
The quoteblock function in markdown.c in libmarkdown.a in DISCOUNT 2.2.3a allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Затронутые продукты
SUSE Package Hub 15:discount-2.2.4-bp150.3.3.1
SUSE Package Hub 15:libmarkdown-devel-2.2.4-bp150.3.3.1
SUSE Package Hub 15:libmarkdown2-2.2.4-bp150.3.3.1
openSUSE Leap 15.0:discount-2.2.4-bp150.3.3.1
Ссылки
- CVE-2018-12495
- SUSE Bug 1098252