Описание
Security update for pspp, spread-sheet-widget
This update for pspp to version 1.2.0 fixes the following issues:
Security issue fixed:
- CVE-2018-20230: Fixed a heap-based buffer overflow in read_bytes_internal function that could lead to denial-of-service (bsc#1120061).
Other bug fixes and changes:
- Add upstream patch to avoid compiling with old Texinfo 4.13.
- New experimental command SAVE DATA COLLECTION to save MDD files.
- MTIME and YMDHMS variable formats now supported.
- Spread sheet rendering now done via spread-sheet-widget.
This update introduces a new package called spread-sheet-widget as dependency.
Список пакетов
openSUSE Leap 15.0
libspread-sheet-widget0-0.3-lp150.2.1
pspp-1.2.0-lp150.2.3.1
pspp-devel-1.2.0-lp150.2.3.1
spread-sheet-widget-devel-0.3-lp150.2.1
Ссылки
- E-Mail link for openSUSE-SU-2019:0198-1
- SUSE Security Ratings
- SUSE Bug 1120061
- SUSE CVE CVE-2018-20230 page
Описание
An issue was discovered in PSPP 1.2.0. There is a heap-based buffer overflow at the function read_bytes_internal in utilities/pspp-dump-sav.c, which allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Затронутые продукты
openSUSE Leap 15.0:libspread-sheet-widget0-0.3-lp150.2.1
openSUSE Leap 15.0:pspp-1.2.0-lp150.2.3.1
openSUSE Leap 15.0:pspp-devel-1.2.0-lp150.2.3.1
openSUSE Leap 15.0:spread-sheet-widget-devel-0.3-lp150.2.1
Ссылки
- CVE-2018-20230
- SUSE Bug 1120061
- SUSE Bug 1203128