openSUSE-SU-2019:0323-1

Опубликовано: 23 мар. 2019

Источник: suse-cvrf

Описание

Security update for libcomps

This update for libcomps fixes the following issue:

Security issue fixed:

CVE-2019-3817: Fixed a use-after-free vulnerability in comps_objmradix.c:comps_objmrtree_unite() function where could allow to application crash or code execution (bsc#1122841).

Список пакетов

openSUSE Leap 15.0

libcomps-devel-0.1.8-lp150.2.3.1

libcomps-doc-0.1.8-lp150.2.3.1

libcomps0_1_6-0.1.8-lp150.2.3.1

python-libcomps-doc-0.1.8-lp150.2.3.1

python2-libcomps-0.1.8-lp150.2.3.1

python3-libcomps-0.1.8-lp150.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/PSQV6NWJAYKECIA3EOSWUDS7AG5DTTRU/#PSQV6NWJAYKECIA3EOSWUDS7AG5DTTRU
E-Mail link for openSUSE-SU-2019:0323-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1122841
SUSE Bug 1122841
https://www.suse.com/security/cve/CVE-2019-3817/
SUSE CVE CVE-2019-3817 page

Описание

A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker, who is able to make an application read a crafted comps XML file, may be able to crash the application or execute malicious code.

Затронутые продукты

openSUSE Leap 15.0:libcomps-devel-0.1.8-lp150.2.3.1

openSUSE Leap 15.0:libcomps-doc-0.1.8-lp150.2.3.1

openSUSE Leap 15.0:libcomps0_1_6-0.1.8-lp150.2.3.1

openSUSE Leap 15.0:python-libcomps-doc-0.1.8-lp150.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3817.html
CVE-2019-3817
https://bugzilla.suse.com/1122841
SUSE Bug 1122841

openSUSE-SU-2019:0323-1

Описание

Список пакетов

openSUSE Leap 15.0

Ссылки

Уязвимость: CVE-2019-3817

Описание

Затронутые продукты

Ссылки