openSUSE-SU-2021:0812-1

Опубликовано: 30 мая 2021

Источник: suse-cvrf

Описание

Security update for libxls

This update for libxls fixes the following issues:

libxsl was updated to release 1.6.2:

Fix NULL pointer dereferences in the xls2csv tool [boo#1179532] [CVE-2020-27819]

Update to release 1.6.1

Enabled decoding of non-Unicode character sets in older (BIFF5) XLS files.
Improved string conversion performance in newer files.

update to 1.5.3:

Allow truncated XLS files
Fix long-standing 'extra column' bug #73
Support for RSTRING records (rich-text cells in older BIFF5 files) tidyverse/readxl#611

Список пакетов

openSUSE Leap 15.2

libxls-devel-1.6.2-lp152.2.3.1

libxls-tools-1.6.2-lp152.2.3.1

libxlsreader8-1.6.2-lp152.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/G6PICHOKDDWFUM2A34VZUNW6XR4NUUPC/
E-Mail link for openSUSE-SU-2021:0812-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179532
SUSE Bug 1179532
https://www.suse.com/security/cve/CVE-2020-27819/
SUSE CVE CVE-2020-27819 page

Описание

An issue was discovered in libxls before and including 1.6.1 when reading Microsoft Excel files. A NULL pointer dereference vulnerability exists when parsing XLS cells in libxls/xls2csv.c:199. It could allow a remote attacker to cause a denial of service via crafted XLS file.

Затронутые продукты

openSUSE Leap 15.2:libxls-devel-1.6.2-lp152.2.3.1

openSUSE Leap 15.2:libxls-tools-1.6.2-lp152.2.3.1

openSUSE Leap 15.2:libxlsreader8-1.6.2-lp152.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-27819.html
CVE-2020-27819
https://bugzilla.suse.com/1179532
SUSE Bug 1179532

openSUSE-SU-2021:0812-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-27819

Описание

Затронутые продукты

Ссылки