Описание
Security update for brotli
This update for brotli fixes the following issues:
brotli was updated to 1.0.9:
- CVE-2020-8927: Fix integer overflow when input chunk is longer than 2GiB [boo#1175825]
brotli -vnow reports raw / compressed size- decoder: minor speed / memory usage improvements
- encoder: fix rare access to uninitialized data in ring-buffer
Список пакетов
openSUSE Leap 15.2
brotli-1.0.9-lp152.2.3.1
libbrotli-devel-1.0.9-lp152.2.3.1
libbrotlicommon1-1.0.9-lp152.2.3.1
libbrotlicommon1-32bit-1.0.9-lp152.2.3.1
libbrotlidec1-1.0.9-lp152.2.3.1
libbrotlidec1-32bit-1.0.9-lp152.2.3.1
libbrotlienc1-1.0.9-lp152.2.3.1
libbrotlienc1-32bit-1.0.9-lp152.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1578-1
- SUSE Security Ratings
- SUSE Bug 1175825
- SUSE CVE CVE-2020-8927 page
Описание
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Затронутые продукты
openSUSE Leap 15.2:brotli-1.0.9-lp152.2.3.1
openSUSE Leap 15.2:libbrotli-devel-1.0.9-lp152.2.3.1
openSUSE Leap 15.2:libbrotlicommon1-1.0.9-lp152.2.3.1
openSUSE Leap 15.2:libbrotlicommon1-32bit-1.0.9-lp152.2.3.1
Ссылки
- CVE-2020-8927
- SUSE Bug 1175825