Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2019:1605-1

Опубликовано: 24 июн. 2019
Источник: suse-cvrf

Описание

Security update for netpbm

This update for netpbm fixes the following issues:

Security issues fixed:

  • CVE-2017-2579: Fixed out-of-bounds read in expandCodeOntoStack() (bsc#1024288).
  • CVE-2017-2580: Fixed out-of-bounds write of heap data in addPixelToRaster() function (bsc#1024291).
  • create netpbm-vulnerable subpackage and move pstopnm there, as ghostscript is used to convert (bsc#1136936)

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.0
libnetpbm-devel-10.80.1-lp151.4.3.1
libnetpbm11-10.80.1-lp151.4.3.1
libnetpbm11-32bit-10.80.1-lp151.4.3.1
netpbm-10.80.1-lp151.4.3.1
netpbm-vulnerable-10.80.1-lp151.4.3.1
openSUSE Leap 15.1
libnetpbm-devel-10.80.1-lp151.4.3.1
libnetpbm11-10.80.1-lp151.4.3.1
libnetpbm11-32bit-10.80.1-lp151.4.3.1
netpbm-10.80.1-lp151.4.3.1
netpbm-vulnerable-10.80.1-lp151.4.3.1

Ссылки

Описание

An out-of-bounds read vulnerability was found in netpbm before 10.61. The expandCodeOntoStack() function has an insufficient code value check, so that a maliciously crafted file could cause the application to crash or possibly allows code execution.

Затронутые продукты
openSUSE Leap 15.0:libnetpbm-devel-10.80.1-lp151.4.3.1
openSUSE Leap 15.0:libnetpbm11-10.80.1-lp151.4.3.1
openSUSE Leap 15.0:libnetpbm11-32bit-10.80.1-lp151.4.3.1
openSUSE Leap 15.0:netpbm-10.80.1-lp151.4.3.1
Ссылки

Описание

An out-of-bounds write vulnerability was found in netpbm before 10.61. A maliciously crafted file could cause the application to crash or possibly allow code execution.

Затронутые продукты
openSUSE Leap 15.0:libnetpbm-devel-10.80.1-lp151.4.3.1
openSUSE Leap 15.0:libnetpbm11-10.80.1-lp151.4.3.1
openSUSE Leap 15.0:libnetpbm11-32bit-10.80.1-lp151.4.3.1
openSUSE Leap 15.0:netpbm-10.80.1-lp151.4.3.1
Ссылки