Описание
Security update for brotli
This update for brotli fixes the following issues:
- CVE-2020-8927: Fixed integer overflow when input chunk is larger than 2GiB (bsc#1175825).
Список пакетов
openSUSE Leap 15.3
brotli-1.0.7-3.3.1
libbrotli-devel-1.0.7-3.3.1
libbrotlicommon1-1.0.7-3.3.1
libbrotlicommon1-32bit-1.0.7-3.3.1
libbrotlidec1-1.0.7-3.3.1
libbrotlidec1-32bit-1.0.7-3.3.1
libbrotlienc1-1.0.7-3.3.1
libbrotlienc1-32bit-1.0.7-3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2021:3942-1
- SUSE Security Ratings
- SUSE Bug 1175825
- SUSE CVE CVE-2020-8927 page
Описание
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the "streaming" API as opposed to the "one-shot" API, and impose chunk size limits.
Затронутые продукты
openSUSE Leap 15.3:brotli-1.0.7-3.3.1
openSUSE Leap 15.3:libbrotli-devel-1.0.7-3.3.1
openSUSE Leap 15.3:libbrotlicommon1-1.0.7-3.3.1
openSUSE Leap 15.3:libbrotlicommon1-32bit-1.0.7-3.3.1
Ссылки
- CVE-2020-8927
- SUSE Bug 1175825