Описание
Security update for getdata
getdata was updated to 0.11.0, fixing bugs and a security issue:
- CVE-2021-20204: Fixed a use after free in _GD_Supports() in encoding.c (boo#1186251)
for all relevant changes see: https://github.com/ketiltrout/getdata/releases/tag/v0.11.0
Список пакетов
openSUSE Leap 15.2
getdata-0.11.0-lp152.4.3.1
getdata-devel-0.11.0-lp152.4.3.1
getdata-doc-0.11.0-lp152.4.3.1
libf95getdata7-0.11.0-lp152.4.3.1
libfgetdata6-0.11.0-lp152.4.3.1
libgetdata++7-0.11.0-lp152.4.3.1
libgetdata8-0.11.0-lp152.4.3.1
perl-getdata-0.11.0-lp152.4.3.1
python-getdata-0.11.0-lp152.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:1645-1
- SUSE Security Ratings
- SUSE Bug 1186251
- SUSE CVE CVE-2021-20204 page
Описание
A heap memory corruption problem (use after free) can be triggered in libgetdata v0.10.0 when processing maliciously crafted dirfile databases. This degrades the confidentiality, integrity and availability of third-party software that uses libgetdata as a library. This vulnerability may lead to arbitrary code execution or privilege escalation depending on input/skills of attacker.
Затронутые продукты
openSUSE Leap 15.2:getdata-0.11.0-lp152.4.3.1
openSUSE Leap 15.2:getdata-devel-0.11.0-lp152.4.3.1
openSUSE Leap 15.2:getdata-doc-0.11.0-lp152.4.3.1
openSUSE Leap 15.2:libf95getdata7-0.11.0-lp152.4.3.1
Ссылки
- CVE-2021-20204
- SUSE Bug 1186251