openSUSE-SU-2022:1040-1

Опубликовано: 30 мар. 2022

Источник: suse-cvrf

Описание

Security update for protobuf

This update for protobuf fixes the following issues:

CVE-2021-22570: Fix incorrect parsing of nullchar in the proto symbol (bsc#1195258).

Список пакетов

openSUSE Leap 15.3

libprotobuf-lite20-3.9.2-4.12.1

libprotobuf-lite20-32bit-3.9.2-4.12.1

libprotobuf20-3.9.2-4.12.1

libprotobuf20-32bit-3.9.2-4.12.1

libprotoc20-3.9.2-4.12.1

libprotoc20-32bit-3.9.2-4.12.1

protobuf-devel-3.9.2-4.12.1

protobuf-java-3.9.2-4.12.1

protobuf-source-3.9.2-4.12.1

python2-protobuf-3.9.2-4.12.1

python3-protobuf-3.9.2-4.12.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FIWUQWCBEUJG4GQZ33E3U56DPOPU6GGL/
E-Mail link for openSUSE-SU-2022:1040-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1195258
SUSE Bug 1195258
https://www.suse.com/security/cve/CVE-2021-22570/
SUSE CVE CVE-2021-22570 page

Описание

Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater.

Затронутые продукты

openSUSE Leap 15.3:libprotobuf-lite20-3.9.2-4.12.1

openSUSE Leap 15.3:libprotobuf-lite20-32bit-3.9.2-4.12.1

openSUSE Leap 15.3:libprotobuf20-3.9.2-4.12.1

openSUSE Leap 15.3:libprotobuf20-32bit-3.9.2-4.12.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-22570.html
CVE-2021-22570
https://bugzilla.suse.com/1195258
SUSE Bug 1195258

openSUSE-SU-2022:1040-1

Описание

Список пакетов

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2021-22570

Описание

Затронутые продукты

Ссылки